Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-8316

Drop userId field in TokenLoginModule

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • 1.14.0
    • core, security
    • None

    Description

      TokenLoginModule.login contains the following code that may set the userId field:

      [...]
                  TokenCredentials tc = (TokenCredentials) credentials;
                  TokenAuthentication authentication = new TokenAuthentication(tokenProvider);
                  if (authentication.authenticate(tc)) {
                      tokenCredentials = tc;
                      tokenInfo = authentication.getTokenInfo();
                      userId = authentication.getUserId();
                      [...]
                 }
      

      however, TokenAuthentication.getUserId() will just delegate to TokenInfo.getUserId and setting the userId in the login module is IMO redundant. Also, upon commit the AuthInfo is ultimately populated with the ID retrieved from the TokenInfo and the userId field is ignored.

      I would therefore suggest to drop the extra userId field and simplify the code accordingly. Alex Deparvu, will attach a proposed patch later today.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            angela Angela Schreiber
            angela Angela Schreiber
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment