Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 2.1.0
- None
Description
PROBLEM STATEMENT:
Expired JWT and SSO tokens should not have the disable and enable token batch operations exposed to the user
BUILDS:
2.1.0
STEPS TO REPRODUCE:
1. browser1 - Log in to the Knox home page as hrt_qa
2. Update the knox-cm configurations below
knox.global.logout.page.url=https://<logout_url>
knox.token.exp.server-managed=true
gateway.knox.token.management.users.can.see.all.tokens = hrt_qa, hrt_1
gateway.knox.token.eviction.grace.period=10 min
knoxsso_token_ttl=120000 (2 min)
3. browser2 - Log in to the Knox home page as hrt_22
4. Generate an hrt_22 JWT token with 1 min
5. Wait for the above JWT token to expire
6. Wait for the hrt_22 SSO token to expire
CURRENT BEHAVIOUR:
On the token management page, the following batch operations are visible for:
SSO token - disable and enable
JWT token - enable, disable, revoke
EXPECTED BEHAVIOUR:
Neither expired SSO tokens nor expired JWT tokens should have the enable and disable operations as part of batch selection on expired tokens
OCCURRENCE:
Reproducible
IMPACT:
An expired token allows the user to perform disable and enable operations, which don't have any effect
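The expected behaviour above, sketched as the selection logic a token management page could use to decide which batch operations to offer. This is an added example, not Apache Knox code: the field names (`kind`, `expiresAt`), the function names and the sample tokens are hypothetical, and it assumes revoke stays available for expired JWT tokens because the report only objects to enable and disable.

```javascript
// Added illustration; not Apache Knox source. All names here are hypothetical.

// Operations the report shows the token management page offering per token type.
const OPS_BY_KIND = {
  SSO: ['enable', 'disable'],
  JWT: ['enable', 'disable', 'revoke'],
};

// Per the report, enable/disable have no effect on an expired token.
const STATE_TOGGLES = new Set(['enable', 'disable']);

function isExpired(token, nowMs) {
  return token.expiresAt <= nowMs;
}

// Operations that are meaningful for a single token at time nowMs.
function opsForToken(token, nowMs) {
  const ops = OPS_BY_KIND[token.kind] || []; // unknown kind: offer nothing
  return isExpired(token, nowMs)
    ? ops.filter((op) => !STATE_TOGGLES.has(op))
    : ops;
}

// A batch operation is offered only if it applies to every selected token,
// so one expired token in the selection hides enable/disable for the batch.
function batchOps(selection, nowMs) {
  if (selection.length === 0) return [];
  return selection
    .map((t) => opsForToken(t, nowMs))
    .reduce((common, ops) => common.filter((op) => ops.includes(op)));
}

// Constructed sample data mirroring the reproduction steps.
const NOW = Date.parse('2024-01-01T00:10:00Z');
const MIN = 60 * 1000;
const expiredJwt = { id: 'jwt-1', kind: 'JWT', expiresAt: NOW - 5 * MIN };
const expiredSso = { id: 'sso-1', kind: 'SSO', expiresAt: NOW - 1 * MIN };
const liveJwt = { id: 'jwt-2', kind: 'JWT', expiresAt: NOW + 30 * MIN };
const liveSso = { id: 'sso-2', kind: 'SSO', expiresAt: NOW + 1 * MIN };

console.log(batchOps([expiredJwt], NOW));          // expired JWT only
console.log(batchOps([expiredSso], NOW));          // expired SSO only
console.log(batchOps([liveJwt, expiredJwt], NOW)); // mixed selection
console.log(batchOps([liveJwt, liveSso], NOW));    // both still valid
```

The same check belongs on the server side as well, so that a request to enable or disable an expired token is rejected even if a client still sends it.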
LOG ARTIFACTS: