[jira] [Work logged] (KNOX-2800) Knox tokens created for impersonated user doesn't honor configured per user limit value

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-2800?focusedWorklogId=806699&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-806699
 ]

ASF GitHub Bot logged work on KNOX-2800:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Sep/22 13:10
            Start Date: 07/Sep/22 13:10
    Worklog Time Spent: 10m 
      Work Description: zeroflag commented on code in PR #631:
URL: https://github.com/apache/knox/pull/631#discussion_r964821436


##########
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java:
##########
@@ -770,7 +771,11 @@ private Response getAuthenticationToken() {
             // userTokens is an ordered collection (by issue time) -> the 
first element is the oldest one
             final String oldestTokenId = 
userTokens.iterator().next().getTokenId();
             log.generalInfoMessage(String.format(Locale.getDefault(), 
"Revoking %s's oldest token %s ...", userName, 
Tokens.getTokenIDDisplayText(oldestTokenId)));
-            revoke(oldestTokenId);
+            final Response revocationResponse = revoke(oldestTokenId);
+            if (Response.Status.OK.getStatusCode() != 
revocationResponse.getStatus()) {
+              return Response.status(Response.Status.BAD_REQUEST)

Review Comment:
   Why do we need to return with the failure at this point? As far as I see 
earlier we used to move on when the revoke was unsuccessful.
   





Issue Time Tracking
-------------------

    Worklog Id:     (was: 806699)
    Time Spent: 0.5h  (was: 20m)

> Knox tokens created for impersonated user doesn't honor configured per user 
> limit value
> ---------------------------------------------------------------------------------------
>
>                 Key: KNOX-2800
>                 URL: https://issues.apache.org/jira/browse/KNOX-2800
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: J.Andreina
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> *Steps*
> 1. Set below configurations
> gateway.knox.token.limit.per.user = 5
> gateway.knox.token.user.limit.exceeded.action = REMOVE_OLDEST
> knox.token.proxyuser.hrt_qa.users=hrt_1
> knox.token.proxyuser.hrt_qa.hosts=*
> 2. Login to token generation page as hrt_qa user
> 3. Fetch 10 token with impersonation field set to "hrt_1"
> *Expected Result:*
> hrt_qa should be allowed to create only 5 tokens with impersonated user set 
> to hrt_1
> *{color:red}Issue:{color}*
> Tokens created for impersonated user doesnt honor configured per user limit 
> value
> ie. hrt_qa user is able to create any number of tokens as hrt_1 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)