Skip to content

Commit

Permalink
removes unnecessary token theft detection check
Browse files Browse the repository at this point in the history
  • Loading branch information
@rishabhpoddar
rishabhpoddar committed Oct 26, 2023
1 parent dafa8e3 commit 186f52f
Show file tree
Hide file tree
Showing 6 changed files with 0 additions and 132 deletions.
22 changes: 0 additions & 22 deletions ...word/common-customizations/sessions/session-verification-in-api/get-session.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) {

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1173,10 +1166,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1373,10 +1355,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down
22 changes: 0 additions & 22 deletions ...less/common-customizations/sessions/session-verification-in-api/get-session.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) {

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1173,10 +1166,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1373,10 +1355,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down
22 changes: 0 additions & 22 deletions ...sion/common-customizations/sessions/session-verification-in-api/get-session.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) {

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1173,10 +1166,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1373,10 +1355,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down
22 changes: 0 additions & 22 deletions ...arty/common-customizations/sessions/session-verification-in-api/get-session.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1031,9 +1031,6 @@ function verifySession(options?: VerifySessionOptions) {

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1085,9 +1082,6 @@ func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.H

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1126,7 +1120,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1173,10 +1166,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1235,9 +1224,6 @@ async function verifySession(accessToken: string, antiCsrfToken?: string, option

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if (err.type === Session.Error.TOKEN_THEFT_DETECTED) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if (err.type === Session.Error.INVALID_CLAIMS) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1289,9 +1275,6 @@ func VerifySession(accessToken string, antiCsrfToken *string, options *sessmodel

// You can handle this in a custom way by sending a 401.
// Or you can call the errorHandler middleware as shown below
} else if defaultErrors.As(err, &errors.TokenTheftDetectedError{}) {
// Session hijacking attempted. You should revoke the session
// using Session.revokeSession fucntion and send a 401
} else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
// The user is missing some required claim.
// You can pass the missing claims to the frontend and handle it there
Expand Down Expand Up @@ -1330,7 +1313,6 @@ from supertokens_python.recipe.session import SessionContainer
from supertokens_python.recipe.session.interfaces import SessionClaimValidator
from supertokens_python.types import MaybeAwaitable
from supertokens_python.recipe.session.exceptions import (
TokenTheftError,
UnauthorisedError,
InvalidClaimsError,
TryRefreshTokenError
Expand Down Expand Up @@ -1373,10 +1355,6 @@ def verify_session(
# You can handle this in a custom way by sending a 401.
# Or you can call the errorHandler middleware as shown below
pass
if isinstance(e, TokenTheftError):
# Session hijacking attempted. You should revoke the session
# using Session.revokeSession fucntion and send a 401
pass
if isinstance(e, InvalidClaimsError):
# The user is missing some required claim.
# You can pass the missing claims to the frontend and handle it there
Expand Down
Loading

0 comments on commit 186f52f

Please sign in to comment.