Add token decoding functionality to login/registration views #153
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
requested a review
from 
ghost
approved these changes
Mar 3, 2020
There was a problem hiding this comment.
Thanks @Fahminajjar, if it's already in the Dogwood then I think we can can add it here as well.
Additionally, I have a couple of concerns that we probably should address in the near future:
- This PR has a couple of inline changes that would make it difficult to manage in future releases.
- Adding tests would make future merges easier to verify. This is a good mitigation even if it doesn't make them go away.
- I still need more background about the nature of the issue we're solving, but my initial though is that we could use "encoding" instead of a shared-key "encryption".
I created a follow up GitHub issue so we get to merge this and then address the notes after the deployment.
ghost
mentioned this pull request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
We have a bug related to login and registration (Logistration) for old devices so I enhanced the Logistration process by encrypting the form (login/registration) data using a shared secret key between the frontend and the server to JSON Web Token, then the server decrypts the token and takes the form data from it.
We already developed this enhancement on edx-platform (Dogwood) so I just rewrote the enhancement here for the Hawthorn version to make it ready for this change after the deployment.