Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DeleteOAuthToken API method doesn't work properly #21890

Closed
olexii4 opened this issue Dec 15, 2022 · 1 comment · Fixed by eclipse-che/che-server#408
Closed

DeleteOAuthToken API method doesn't work properly #21890

olexii4 opened this issue Dec 15, 2022 · 1 comment · Fixed by eclipse-che/che-server#408
Assignees
@vinokurig
Labels
area/security kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system. sprint/next

Comments

@olexii4
Copy link
Contributor

olexii4 commented Dec 15, 2022
edited
Loading

Describe the bug

The deleteOAuthToken API method doesn't work properly.

https://github.com/eclipse-che/che-server/blob/main/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/OAuthAuthenticator.java#L334

Che version

7.57@latest

Steps to reproduce

  1. Deploy CHE.
  2. Added OAuth for GitHub, GitLab, and Bitbucket.
  3. Create a new workspace from the private repository.
  4. Delete the created workspace.
  5. Open che-server swagger {CHE-host}/swagger and delete OAuth token.
    Знімок екрана 2022-12-15 о 16 33 57
  6. Create a new workspace from the same private repo. You should be redirected to the login flow again.

Expected behavior

The current git session should be expired after deleting the OAuth token.

Runtime

minikube

Screenshots

No response

Installation method

chectl/next

Environment

macOS

Eclipse Che Logs

No response

Additional context

No response
@olexii4 olexii4 added the kind/bug Outline of a bug - must adhere to the bug report template. label Dec 15, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Dec 15, 2022
@olexii4 olexii4 mentioned this issue Dec 15, 2022
Merged
@Kasturi1820 Kasturi1820 added area/security severity/P2 Has a minor but important impact to the usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Dec 16, 2022
@ibuziuk ibuziuk added sprint/next severity/P1 Has a major impact to usage or development of the system. and removed severity/P2 Has a minor but important impact to the usage or development of the system. labels Dec 19, 2022
@vinokurig vinokurig self-assigned this Dec 20, 2022
@vinokurig vinokurig mentioned this issue Dec 29, 2022
Merged
9 tasks
@svor svor mentioned this issue Jan 9, 2023
Closed
82 tasks
@vinokurig
Copy link
Contributor

The PR is relevant only for GitHub case. GitLab and Bitbucket don't have the necessary API to revoke oAuth app token. An exception is thrown for the unsupported providers, so dashboard can handle it by viewing a notification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vinokurig vinokurig

Labels
area/security kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system. sprint/next
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Delete oauth token API method eclipse-che/che-server
5 participants
@ibuziuk @olexii4 @vinokurig @che-bot @Kasturi1820