From 788e101a3f0646b5e0e573ce2ba5c3279a5e3a75 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Thu, 1 Nov 2018 14:46:40 +0000
Subject: [PATCH]
---
 server/AyaNova/Controllers/AuthController.cs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 6982e9ee..2672c2c0 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -130,6 +130,10 @@ namespace AyaNova.Api.Controllers
 //issue tokens as well, but it looked cmplex and this works so unless need to remove in future keeping it.
 string token = Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
+ //TODO: Before release double check that security of JWT is still ok:
+ //https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
+ //https://github.com/ticarpi/jwt_tool
+ log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
 metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter);
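Review bot: The TODO added after the `Jose.JWT.Encode` call defers the JWT review to two external links without naming a single check, so it is easy to ship past and gives the next maintainer nothing to verify. Because the token is signed with `Jose.JwsAlgorithm.HS256` and `secretKey`, the checks worth spelling out are that the verifying side (not shown in this hunk) pins the expected algorithm instead of trusting the token header, that `secretKey` is a randomly generated key of at least 256 bits loaded from configuration rather than source, and that `payload` carries an expiry. I would replace the links-only comment with something like `//TODO(release-blocker): confirm decode pins HS256, secretKey is >=256-bit random and not in source, payload sets exp` and track it as a release-blocking issue. The enclosing method starts and ends outside the hunk, so how `payload` and `secretKey` are built cannot be confirmed from here.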