Move authorization logic to new layer. #448

@mario-nt

Description

Parent issue: #616

Handlers that require an optional user ID check in the handler whether the user found in the bearer token exists in the database. However, for handlers that require a user ID, that check is not done in the handler but, for example, in the torrent service.

It would be ideal to have the same app behavior regardless of the type of handler (required or optional user ID):

  • When we receive a token, we should always check in the handler if the user exists.
  • If the user does not exist, we should return an unauthorized response, even if the user is optional for that endpoint.
  • The frontend should invalidate the token if it receives an unauthorized response, remove it from the local storage, and not send it to the server anymore.
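
A sketch of the uniform behavior requested above, added here as an example and not taken from the project's code. It assumes a Rust backend; `UserStore`, `AuthError`, `optional_user`, `required_user` and the `uid.<n>` token format are hypothetical stand-ins for the real user table and a signature-verified bearer token.

```rust
use std::collections::HashSet;

// Hypothetical names for this sketch; none come from the project.
pub type UserId = u64;

#[derive(Debug, PartialEq)]
pub enum AuthError {
    Unauthorized, // maps to HTTP 401 so the frontend can drop the token
}

// Stand-in for the users table.
pub struct UserStore {
    ids: HashSet<UserId>,
}

impl UserStore {
    pub fn new(ids: &[UserId]) -> Self {
        Self { ids: ids.iter().copied().collect() }
    }
    pub fn exists(&self, id: UserId) -> bool {
        self.ids.contains(&id)
    }
}

// Constructed token format "uid.<n>", standing in for a verified bearer token.
fn user_id_from_token(token: &str) -> Option<UserId> {
    token.strip_prefix("uid.")?.parse().ok()
}

// Optional-user endpoints: no header means anonymous, but any token that is
// presented must be well formed and map to a user that still exists.
pub fn optional_user(auth_header: Option<&str>, store: &UserStore) -> Result<Option<UserId>, AuthError> {
    let Some(header) = auth_header else { return Ok(None) };
    let token = header.strip_prefix("Bearer ").ok_or(AuthError::Unauthorized)?;
    let id = user_id_from_token(token).ok_or(AuthError::Unauthorized)?;
    if store.exists(id) { Ok(Some(id)) } else { Err(AuthError::Unauthorized) }
}

// Required-user endpoints reuse the same check and also reject anonymous requests.
pub fn required_user(auth_header: Option<&str>, store: &UserStore) -> Result<UserId, AuthError> {
    optional_user(auth_header, store)?.ok_or(AuthError::Unauthorized)
}

fn main() {
    let store = UserStore::new(&[1, 2]); // constructed sample users
    println!("{:?}", optional_user(Some("Bearer uid.9"), &store));
    println!("{:?}", required_user(None, &store));
}
```

Because both extractors share one existence check, a token for a deleted user is rejected the same way on every endpoint instead of being silently treated as anonymous on optional ones.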

Status: Done
