  1. Bitbucket Data Center
  2. BSERV-9613

Wrong AuthenticationSuccessEvent username


Details

    • Bug
    • Resolution: Fixed
    • Low
    • 5.3.0
    • None
    • API - Java
    • None

    Description

      Now DefaultHttpAuthenticationContext.onSuccess(user) leaves the username unmodified. There are some cases when the username is some control string, like 'x-oauth-token', and after authentication it gets a valid ApplicationUser from the authentication system, but:

      String username = context.getUsername() != null ? context.getUsername() : context.getUser().getName();

      eventPublisher.publish(new AuthenticationSuccessEvent(this, username, context.getMethod()));

      And this sends an event for user 'x-auth-token', which is not a valid user. But possibly it must use user.getName() if getUser() is not null. Like this:

      String username = context.getUser() != null ? context.getUser().getName() : context.getUsername();
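
The difference between the two expressions in the report, as an added example that is not part of the original report or of Bitbucket's code. `Ctx` and `User` are hypothetical stand-ins for the authentication context and ApplicationUser, and the user names are constructed; the point is that with the reported order, token logins by different users all surface under the same control string in the success event.

```java
import java.util.List;
import java.util.Set;

// Added illustration; Ctx and User are hypothetical stand-ins, not Bitbucket classes.
public class AuthEventUsernameDemo {
    record User(String name) {}
    record Ctx(String username, User user) {}   // user == null: no user was resolved

    // Order quoted in the report: the submitted username wins whenever it is present.
    static String reported(Ctx c) {
        return c.username() != null ? c.username() : c.user().name();
    }

    // Order proposed in the report: the resolved user wins whenever it is present.
    static String proposed(Ctx c) {
        return c.user() != null ? c.user().name() : c.username();
    }

    public static void main(String[] args) {
        Set<String> knownUsers = Set.of("jsmith", "adavis");   // constructed directory
        List<Ctx> logins = List.of(
            new Ctx("x-oauth-token", new User("jsmith")),  // token login, control string as username
            new Ctx("x-oauth-token", new User("adavis")),  // second token login, different user
            new Ctx("jsmith", new User("jsmith")),         // submitted name matches resolved user
            new Ctx(null, new User("adavis")));            // no username submitted

        for (Ctx c : logins) {
            String before = reported(c);
            String after = proposed(c);
            // A listener consuming the event only sees the published username.
            System.out.printf("submitted=%-14s before=%-14s%s after=%s%n",
                c.username(), before,
                knownUsers.contains(before) ? "" : " (not a real user)", after);
        }
    }
}
```

The first two rows print `before=x-oauth-token` for both logins while `after` gives `jsmith` and `adavis`; the last two rows are identical under either order.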

       


          People

            istephens Isabella Stephens
            3652ed9ede2e Alexey Efimov