[ 
https://issues.apache.org/jira/browse/KNOX-2800?focusedWorklogId=806706&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-806706
 ]

ASF GitHub Bot logged work on KNOX-2800:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Sep/22 13:24
            Start Date: 07/Sep/22 13:24
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #631:
URL: https://github.com/apache/knox/pull/631#discussion_r964838187


##########
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java:
##########
@@ -770,7 +771,11 @@ private Response getAuthenticationToken() {
             // userTokens is an ordered collection (by issue time) -> the 
first element is the oldest one
             final String oldestTokenId = 
userTokens.iterator().next().getTokenId();
             log.generalInfoMessage(String.format(Locale.getDefault(), 
"Revoking %s's oldest token %s ...", userName, 
Tokens.getTokenIDDisplayText(oldestTokenId)));
-            revoke(oldestTokenId);
+            final Response revocationResponse = revoke(oldestTokenId);
+            if (Response.Status.OK.getStatusCode() != 
revocationResponse.getStatus()) {
+              return Response.status(Response.Status.BAD_REQUEST)
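Review bot: The new failure branch after `revoke(oldestTokenId)` answers with `Response.Status.BAD_REQUEST` for every non-OK revocation result, which discards whatever status `revocationResponse` carried. A server-side failure to remove the oldest token is not a malformed client request, so a 400 will mislead callers and anyone reading the access logs. Consider passing through `revocationResponse.getStatus()` (or mapping it to a 5xx where the failure is on the gateway side) and logging the failed revocation with `Tokens.getTokenIDDisplayText(oldestTokenId)` before returning. A test that forces the revocation to fail and checks that this early return is taken would help keep the limit enforcement from regressing.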

Review Comment:
   Yes, that's right. We moved on, and that was a bug. This is happening only 
when the token limit is exceeded -> if the oldest token could not be removed 
for whatever reason, the new token must not be created.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 806706)
    Time Spent: 40m  (was: 0.5h)

> Knox tokens created for impersonated user doesn't honor configured per user 
> limit value
> ---------------------------------------------------------------------------------------
>
>                 Key: KNOX-2800
>                 URL: https://issues.apache.org/jira/browse/KNOX-2800
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: J.Andreina
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> *Steps*
> 1. Set below configurations
> gateway.knox.token.limit.per.user = 5
> gateway.knox.token.user.limit.exceeded.action = REMOVE_OLDEST
> knox.token.proxyuser.hrt_qa.users=hrt_1
> knox.token.proxyuser.hrt_qa.hosts=*
> 2. Login to token generation page as hrt_qa user
> 3. Fetch 10 tokens with impersonation field set to "hrt_1"
> *Expected Result:*
> hrt_qa should be allowed to create only 5 tokens with impersonated user set 
> to hrt_1
> *Issue:*
> Tokens created for impersonated user don't honor configured per user limit 
> value
> i.e. hrt_qa user is able to create any number of tokens as hrt_1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
