Feature/handel multiple attempt password#426

Open
SauravBizbRolly wants to merge 12 commits into release-3.8.2 from feature/handel_multiple_attempt_password

Conversation

@SauravBizbRolly
Contributor

📋 Description

JIRA ID:
Feature handle multiple attempt password


✅ Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • New feature (non-breaking change which adds functionality)
  • 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 🛠 Refactor (change that is neither a fix nor a new feature)
  • ⚙️ Config change (configuration file or build script updates)
  • 📚 Documentation (updates to docs or readme)
  • 🧪 Tests (adding new or updating existing tests)
  • 🎨 UI/UX (changes that affect the user interface)
  • 🚀 Performance (improves performance)
  • 🧹 Chore (miscellaneous changes that don't modify src or test files)

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

snehar-nd and others added 12 commits April 2, 2026 15:21
Mapped ASHA's list is missing in Login API response

Occupation details getting null in DB

setDemographicDetails() was overwriting occupationName (already set
correctly by the mapper from occupationID) with null when no occupation
name string was present in the payload. Added null guards so the mapper's
resolved name is preserved, and explicitly set occupationId/educationId
from i_bendemographics to ensure the IDs always reach Identity-API.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix: concurrent session logout not invalidating JWT in first system

logOutUserFromConcurrentSession only cleaned up old-style Redis session
keys but never added the displaced user's JWT to the denylist. Because
JwtUserIdValidationFilter validates solely via JWT signature and the
denylist, System 1's token remained valid and all APIs returned 200
after System 2 forced a concurrent login.

Fix: store a username→JTI mapping in Redis at login time; during
concurrent-session logout, look up the JTI and add it to the denylist
and evict the user_<id> cache so the next request from System 1 is
rejected with 401 and the frontend shows the session-expiry message.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix: concurrent session logout not invalidating JWT on first system

logOutUserFromConcurrentSession only cleaned up old-style Redis session
keys but never added the displaced user's JWT to the denylist. Because
JwtUserIdValidationFilter validates solely via JWT signature and the
denylist, System 1's token remained valid and all APIs returned 200
after System 2 forced a concurrent login.

The root serialization bug: redisTemplate value serializer is
Jackson2JsonRedisSerializer<User>, so storing a plain String JTI
caused a deserialization failure on retrieval. Fixed by using the
existing StringRedisTemplate bean for the jti: key operations.

Fix:
- Store username->JTI mapping via StringRedisTemplate at login
  (both userAuthenticate and superUserAuthenticate)
- On concurrent-session logout, retrieve the JTI, add it to the
  denylist, evict user_<id> from User cache, and clean up jti: key
- Add getAccessTokenExpiration() to JwtUtil to supply the TTL

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add generateSecureToken/generateSecureRefreshToken methods that use
userId as sub instead of username. Mobile logins (okhttp User-Agent)
use the secure token — web logins remain unchanged for backward
compatibility. Other services will be migrated one by one.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
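Added example, not the project's Java code: a Python model of the login, concurrent-session logout and validation-filter logic that the two concurrent-session commit messages above describe. A dict-backed `FakeRedis` stands in for `StringRedisTemplate`, a minimal HS256 token stands in for what `JwtUtil` issues, and the key names `user_<id>`, `jti:<username>` and `denylist:<jti>` are constructed for the example (the commits name only the `user_<id>` cache and the `jti:` prefix; the denylist key format is an assumption). The `denylist_on_displace` switch reproduces the pre-fix behaviour, where the displaced System 1 token still passes signature-plus-denylist validation, beside the fixed path.

```python
import base64
import hashlib
import hmac
import json
import uuid

SECRET = b"constructed-demo-signing-key"  # constructed example key, not a real secret
ACCESS_TOKEN_TTL = 3600  # seconds; stands in for JwtUtil.getAccessTokenExpiration()


class FakeRedis:
    """In-memory stand-in for Redis with per-key TTL, driven by an injectable clock."""
    def __init__(self, clock):
        self._clock = clock
        self._store = {}  # key -> (value, expires_at or None)

    def set(self, key, value, ttl=None):
        self._store[key] = (value, None if ttl is None else self._clock() + ttl)

    def get(self, key):
        value, expires_at = self._store.get(key, (None, None))
        if expires_at is not None and self._clock() >= expires_at:
            del self._store[key]  # lazy expiry, as Redis would have dropped the key
            return None
        return value

    def delete(self, key):
        self._store.pop(key, None)


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, now):
    """Mint a signed HS256 token carrying a fresh jti; returns (token, claims)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": subject, "jti": str(uuid.uuid4()), "iat": now, "exp": now + ACCESS_TOKEN_TTL}
    payload = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}", claims


def parse_claims(token):
    """Verify the signature and return the claims, or None when it does not match."""
    header, payload, sig = token.split(".")
    expected = _b64(hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_unb64(payload))


class SessionService:
    """Login, concurrent-session logout and request validation; the fix can be switched off to show the bug."""
    def __init__(self, redis, clock, denylist_on_displace=True):
        self.redis = redis
        self.clock = clock
        self.denylist_on_displace = denylist_on_displace

    def login(self, username, user_id):
        # A second login for the same user displaces the first session (System 2 forcing out System 1).
        self.logout_concurrent_session(username, user_id)
        token, claims = issue_token(username, self.clock())
        self.redis.set(f"user_{user_id}", {"username": username})  # user cache entry
        if self.denylist_on_displace:
            # Fix: remember the JTI this username currently holds, with the token lifetime as TTL.
            self.redis.set(f"jti:{username}", claims["jti"], ttl=ACCESS_TOKEN_TTL)
        return token

    def logout_concurrent_session(self, username, user_id):
        # Pre-fix code only removed the old-style session keys here and never touched the JWT.
        if not self.denylist_on_displace:
            return False
        jti = self.redis.get(f"jti:{username}")
        if jti is None:
            return False
        # Deny the displaced token for as long as it could still be accepted, then drop the caches.
        self.redis.set(f"denylist:{jti}", "1", ttl=ACCESS_TOKEN_TTL)
        self.redis.delete(f"user_{user_id}")
        self.redis.delete(f"jti:{username}")
        return True

    def validate(self, token):
        """Mirror the validation filter: signature, expiry and denylist only. Returns an HTTP status."""
        claims = parse_claims(token)
        if claims is None or claims["exp"] <= self.clock():
            return 401
        if self.redis.get(f"denylist:{claims['jti']}") is not None:
            return 401
        return 200


def concurrent_login_scenario(fixed):
    """System 1 logs in, then System 2 logs in as the same user; returns (System 1 status, System 2 status)."""
    now = [1_000_000]
    clock = lambda: now[0]
    svc = SessionService(FakeRedis(clock), clock, denylist_on_displace=fixed)
    system1_token = svc.login("asha01", user_id=42)
    now[0] += 60
    system2_token = svc.login("asha01", user_id=42)
    return svc.validate(system1_token), svc.validate(system2_token)
```

`concurrent_login_scenario(fixed=False)` returns `(200, 200)`, the symptom in the commit message: System 1's token keeps working after System 2's forced login. With `fixed=True` it returns `(401, 200)`. The denylist entry is given the same TTL as the access token, which is why the fix needed `getAccessTokenExpiration()`: once the token has expired on its own, the denylist entry can safely lapse too.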
@coderabbitai
Contributor

coderabbitai Bot commented Jun 2, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 32c89866-0a69-44cf-9a08-6e2ddf87fd71

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@sonarqubecloud

sonarqubecloud Bot commented Jun 2, 2026

@SauravBizbRolly SauravBizbRolly requested a review from vishwab1 June 3, 2026 05:52