J.Andreina created KNOX-2976:
--------------------------------

             Summary: Expired JWT and SSO token should not be having disable 
and enable token batch operations exposed for user
                 Key: KNOX-2976
                 URL: https://issues.apache.org/jira/browse/KNOX-2976
             Project: Apache Knox
          Issue Type: Bug
          Components: TokenManagementUI
    Affects Versions: 2.1.0
            Reporter: J.Andreina
         Attachments: image-2023-10-26-10-38-33-481.png

+*{color:#de350b}PROBLEM STATEMENT:{color}*+
Expired JWT and SSO tokens should not have the disable and enable token batch 
operations exposed to the user.


+*BUILDS:*+
2.1.0
 
+*STEPS TO REPRODUCE:*+
1. browser1 - Log in to the knox home page as hrt_qa
2. Update the below knox-cm configurations:
knox.global.logout.page.url=https://<logout_url>
knox.token.exp.server-managed=true
gateway.knox.token.management.users.can.see.all.tokens = hrt_qa, hrt_1
gateway.knox.token.eviction.grace.period=10 min
knoxsso_token_ttl=120000 (2 min)
3. browser2 - Log in to the knox home page as hrt_22
4. Generate an hrt_22 JWT token with 1 min
5. Wait for the above JWT token to expire
6. Wait for the hrt_22 SSO token to expire


+*CURRENT BEHAVIOUR:*+
On the token management page, the below batch operations are visible for:

SSO token - disable and enable
JWT token - enable, disable, revoke

+*EXPECTED BEHAVIOUR:*+
Both expired SSO tokens and expired JWT tokens should not have the enable and disable 
operations as part of batch selection on expired tokens.


+*OCCURRENCE:*+
Reproducible

+*IMPACT:*+
An expired token allows the user to perform the disable and enable operations, which 
don't have any effect.

+*LOG ARTIFACTS:*+
 !image-2023-10-26-10-38-40-074.png! 




--
This message was sent by Atlassian Jira
(v8.20.10#820010)
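
The expected behaviour described in this issue, sketched as an added example that is not part of the original report and is not Knox's own code: the batch operations offered for a selection are the intersection of what each selected token supports, with enable and disable dropped once a token has expired. The `TokenRow` shape, its field names and both function names are hypothetical; keeping revoke for an expired JWT and offering no revoke for SSO tokens are assumptions read from the operation lists in the report.

```typescript
type BatchOp = 'enable' | 'disable' | 'revoke';

// Hypothetical row model for this example (not the Knox UI's own type).
interface TokenRow {
  tokenId: string;
  expiresAt: number;    // expiry as epoch milliseconds
  isSsoToken: boolean;  // true: KnoxSSO token, false: generated JWT
}

// Operations that are meaningful for one token at time `now`.
function opsForToken(t: TokenRow, now: number): BatchOp[] {
  const ops: BatchOp[] = [];
  // Toggling the enabled state of an expired token has no effect, so hide it.
  if (t.expiresAt > now) {
    ops.push('enable', 'disable');
  }
  // Assumption: revoke applies to JWTs only and stays available after expiry,
  // since the report asks only for enable and disable to be removed.
  if (!t.isSsoToken) {
    ops.push('revoke');
  }
  return ops;
}

// A batch operation is offered only if every selected token supports it.
function batchOpsForSelection(selected: TokenRow[], now: number): BatchOp[] {
  if (selected.length === 0) {
    return [];
  }
  const all: BatchOp[] = ['enable', 'disable', 'revoke'];
  return all.filter(op =>
    selected.every(t => opsForToken(t, now).indexOf(op) !== -1));
}

// Constructed sample data mirroring the reproduction steps:
// a JWT valid for 1 minute and an SSO token with knoxsso_token_ttl=120000.
const T0 = 1700000000000; // constructed issue time
const sampleJwt: TokenRow = { tokenId: 'jwt-hrt_22', expiresAt: T0 + 60000, isSsoToken: false };
const sampleSso: TokenRow = { tokenId: 'sso-hrt_22', expiresAt: T0 + 120000, isSsoToken: true };

console.log(batchOpsForSelection([sampleJwt], T0 + 180000)); // both tokens expired by now
console.log(batchOpsForSelection([sampleSso], T0 + 180000));
```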