Bug: [Prod] In a specific case we are able to use old deleted API token #4960

Closed
2 tasks done
ashishdevtron opened this issue Apr 17, 2024 · 0 comments · Fixed by #4978
Labels
bug Something isn't working

ashishdevtron commented Apr 17, 2024

📜 Description

When an API token is deleted and then created again with the same name, we are able to use the old token (which was deleted) to access Devtron.

👟 Reproduction steps

Create an API token with the name superadmin -> copy the token -> if someone creates a token with the same name again, we are able to hit the API with the old superadmin token value

👍 Expected behavior

Old (deleted) token should give "invalid user"

👎 Actual Behavior

Successfully authenticates via the deleted token

☸ Kubernetes version

.

Cloud provider

.

🌍 Browser

Chrome

🧱 Your Environment

No response

✅ Proposed Solution

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?

AB#9416
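
A minimal model of the behavior reported above, added here as an illustration and not taken from Devtron's code. It assumes (the issue does not state the cause) that validation verifies the token's signature and then only checks whether an active token with that name exists; the `store` type, the `name:version.mac` token format and the version comparison are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

var key = []byte("constructed-demo-key") // constructed sample signing secret

type store struct {
	active map[string]int // token name -> version of the currently live token
	next   int            // monotonically increasing issuance counter
}

func sign(payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return payload + "." + hex.EncodeToString(m.Sum(nil))
}

// create issues a signed token "name:version.mac" and marks it active.
func (s *store) create(name string) string {
	s.next++
	s.active[name] = s.next
	return sign(name + ":" + strconv.Itoa(s.next))
}
func (s *store) revoke(name string) { delete(s.active, name) }

// validate verifies the MAC, then the store; checkVersion=false is the assumed name-only check.
func (s *store) validate(tok string, checkVersion bool) bool {
	i := strings.LastIndex(tok, ".")
	if i < 0 || !hmac.Equal([]byte(sign(tok[:i])), []byte(tok)) {
		return false
	}
	name, ver, ok := strings.Cut(tok[:i], ":")
	cur, found := s.active[name]
	return ok && found && (!checkVersion || strconv.Itoa(cur) == ver)
}

func main() {
	s := &store{active: map[string]int{}}
	old := s.create("superadmin")
	s.revoke("superadmin")
	s.create("superadmin") // same name reissued
	fmt.Println("name-only:", s.validate(old, false), "versioned:", s.validate(old, true))
}
```

Binding each issued token to a per-issuance version (or unique ID) that the server compares at validation keeps a reused name from reviving an old token.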
