alopresto commented on a change in pull request #4377:
URL: https://github.com/apache/nifi/pull/4377#discussion_r448674389
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardKeyService.java
##########
@@ -119,10 +119,18 @@ public void deleteKey(String identity) {
// delete the keys
DeleteKeysAction deleteKeys = new DeleteKeysAction(identity);
- transaction.execute(deleteKeys);
-
- // commit the transaction
- transaction.commit();
+ Integer rowsDeleted = transaction.execute(deleteKeys);
+
+ // commit the transaction if we found one and only one matching
user identity
+ if(rowsDeleted == 0) {
+ rollback(transaction);
+ throw new AdministrationException("Unable to find user
identity " + identity + " to remove token.");
+ } else if(rowsDeleted > 1) {
Review comment:
Is there a legitimate scenario where there should be multiple identical
identities in the database? If someone can take advantage of the identity
mappings and cause their identity to match someone else's, this could be an
attack vector.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
