Uploaded image for project: 'Couchbase Gateway'
  1. Couchbase Gateway
  2. CBG-3129

[3.1.1 backport] JWTLastUpdated should only be modified when claim-based access changes

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.1.1
    • 3.1.0
    • SyncGateway
    • Security Level: Public
    • None
    • CBG Sprint 129
    • 1

    Description

      authenticateJWTIdentity is setting JWTLastUpdated to time.Now() every time a JWT is used for authentication. This triggers an update to the principal document in updatePrincipal, which results in unintended sequence allocation and user doc mutation per authentication.

      JWTLastUpdated should only be updated when one of the other JWT-related properties is modified on the principal.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            ben.brooks Ben Brooks
            adamf Adam Fraser
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty