PromucFlow_constructor/app/server
Abhijeet 2d890df892
fix: Update security context via reactive context repository instead of directly updating session attributes (#40892)
## Description
This PR fixes the security context persistence mechanism in the email
verification flow. Previously, the code was directly manipulating the
session attributes to store the security context, which is not the
recommended approach in Spring WebFlux applications. We've updated the
implementation to use the proper ServerSecurityContextRepository for
persisting the security context.

### Changes
Existing implementation:
```
session.getAttributes().put(DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME, securityContext);
```
Drawbacks:
- Bypassed Spring Security's security context management
- Didn't properly integrate with reactive patterns
- Could lead to session consistency issues
- Wasn't compatible with different security context storage strategies

Updated implementation:
```
ServerSecurityContextRepository contextRepository = new WebSessionServerSecurityContextRepository();
return contextRepository.save(exchange, securityContext)
    .then(repository.save(user));
```

Advantages: 
- Proper integration with Spring Security's reactive architecture
- Thread-safe security context persistence
- Better session management
- Future compatibility with different session storage mechanisms

Ref thread:
https://theappsmith.slack.com/archives/C02K2MZERSL/p1749434009167839

/test Authentication,Email

### 🔍 Cypress test results
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/15532462184>
> Commit: 42445874aafe300c6791cb45388eb0d778e56fba
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=15532462184&attempt=1).
> Tags: `@tag.Authentication, @tag.Email`
> Spec:
> Mon, 09 Jun 2025 10:49:28 UTC


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


## Summary by CodeRabbit

- **Bug Fixes**
  - Improved email verification process for a more reliable and consistent user authentication experience.
2025-06-09 16:20:45 +05:30

| Name | Last commit | Date |
| --- | --- | --- |
| .run | | |
| appsmith-git | fix: eliminate concurrency bug in file deletion logic by removing side effects from parallel stream (#40744) | 2025-05-23 12:34:58 +00:00 |
| appsmith-interfaces | fix: Handle burst traffic for fetching feature flags during cron job (#40808) | 2025-05-30 07:28:44 +00:00 |
| appsmith-plugins | chore: added automatic option to run behaviour behind feature flag (#40608) | 2025-05-16 16:29:31 +05:30 |
| appsmith-server | fix: Update security context via reactive context repository instead of directly updating session attributes (#40892) | 2025-06-09 16:20:45 +05:30 |
| envs | chore: Move signup_disabled and form_login_enabled from envs to DB (#39882) | 2025-03-26 11:26:00 +05:30 |
| mongo-seed | | |
| reactive-caching | feat: Restrict cron execution for single pod in clustered environment (#39171) | 2025-02-25 17:20:11 +05:30 |
| scripts | chore: Revert "chore: delete redundant files" (#35022) | 2024-07-18 16:18:10 +05:30 |
| .gitignore | | |
| build.sh | test: Enable server tests for the PRs with base PG branch (#33429) | 2024-05-22 15:55:20 +05:30 |
| buildpack-run.sh | | |
| pom.xml | chore: Added capability of running ITs on maven (#38354) | 2024-12-25 02:08:49 +05:30 |
| Procfile | | |
| README.md | | |
| system.properties | | |

Appsmith Server

This is the server-side repository for the Appsmith framework.

For details on setting up your development machine, please refer to this Setup Guide.