refactor: modernize session management and token validation #1390

Open
solracsf wants to merge 1 commit into main from refactorUserBackend

@solracsf (Member) commented Mar 26, 2026

This PR is a comprehensive audit and refactor, resolving bugs and performance problems identified through iterative code review. Refactor user session management and token validation logic for improved clarity and functionality. Introduce constants for session data and enhance error handling.

  • Catch exceptions when instantiating bearer token validators, so a missing or broken DI entry no longer crashes the authentication chain.
  • Catch exceptions during provisioning strategy resolution and execution, and log the failure instead of aborting login.
  • Tighten bearer token parsing and basic UID validation before using the resolved user ID.
  • Treat duplicate validations for the same (provider, userId) as valid, while still rejecting genuinely ambiguous matches across different providers or user IDs.
  • Pre-instantiate validators outside provider loop
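
A sketch of the resolution logic outlined in the bullets above, added here as an illustration; it is not code from this PR or from the project. All names (`parse_bearer`, `resolve_user`, `UID_RE`, the `idp-*` providers, the tokens) are hypothetical, and the UID pattern is an assumption, since the description does not state the exact rule.

```python
import re

# Assumption: a conservative UID shape; the PR does not state its exact rule.
UID_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

def parse_bearer(header):
    """Return the token from 'Bearer <token>', or None if malformed."""
    parts = (header or "").split(" ")
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1]:
        return None
    return parts[1]

def resolve_user(header, providers, validator_factories, log=print):
    """Return the single (provider, uid) the token maps to, else None."""
    token = parse_bearer(header)
    if token is None:
        return None
    # Build validators once, outside the provider loop. A factory that
    # raises (e.g. a broken DI entry) is logged and skipped.
    validators = []
    for factory in validator_factories:
        try:
            validators.append(factory())
        except Exception as exc:
            log(f"validator unavailable: {exc!r}")
    matches = set()
    for provider in providers:
        for validate in validators:
            uid = validate(provider, token)
            if isinstance(uid, str) and UID_RE.fullmatch(uid):
                matches.add((provider, uid))
    # Two validators agreeing on the same (provider, uid) collapse to one
    # set entry; more than one distinct entry is ambiguous and rejected.
    if len(matches) > 1:
        log(f"ambiguous token: {sorted(matches)}")
    return next(iter(matches)) if len(matches) == 1 else None

# Constructed validators and tokens for illustration.
def broken_factory():
    raise RuntimeError("missing DI entry")

KNOWN = {("idp-a", "tok-alice"): "alice", ("idp-a", "tok-shared"): "alice",
         ("idp-b", "tok-shared"): "bob", ("idp-a", "tok-bad-uid"): "../etc"}

def table_factory():
    return lambda provider, token: KNOWN.get((provider, token))

FACTORIES = [broken_factory, table_factory, table_factory]
PROVIDERS = ["idp-a", "idp-b"]
```

With these constructed inputs, `tok-alice` resolves even though one factory fails and two validators report the same match, while `tok-shared` is rejected because it maps to different users on two providers.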

@solracsf solracsf force-pushed the refactorUserBackend branch 2 times, most recently from 44990c5 to e1b4226 Compare March 27, 2026 06:15
@solracsf solracsf marked this pull request as ready for review March 27, 2026 06:15
@julien-nc (Member) left a comment

Thanks a lot for refactoring this. Could you add a doc block comment for all the new methods with a global description? Especially if they change the overall behaviour of the backend.

@solracsf (Member, Author)

@julien-nc will address all your comments at once ASAP.

@julien-nc (Member)

@solracsf There is no rush 😁

@solracsf solracsf force-pushed the refactorUserBackend branch from e1b4226 to c392b41 Compare March 30, 2026 11:18
@solracsf solracsf requested a review from julien-nc March 30, 2026 11:19
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
@solracsf solracsf force-pushed the refactorUserBackend branch from c392b41 to 7c966c9 Compare March 30, 2026 11:26