Skip to content

erp5
erp5

erp5_oauth2_authorisation: Do not edit OAuth2 Session on every refresh token issuance 

Malevolent users may decide to only - and repeatedly - present an otherwise
valid refresh token, causing the issuance of a new access tokens everytime,
likely along with new refresh tokens, causing many ZODB writes.
Avoid this by pushing the token expiration date by one lifespan accuracy,
so there can only be one write per session per lifespan accuracy period.
1 job for kd-portal in 0 seconds
latest
8db1f256 8db1f25663ff5c2d7f54f34cc8aa18f1eda1344b
No related merge requests found.
Status Job ID Name Coverage
  External
passed #725658
external
P-PSA.UnitTest-KDPortal

01:18:02

 
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7