  1. Artifactory Binary Repository
  2. RTFACT-14510

Download / upload fails using access token with subject longer than 64 characters

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.4.2
    • Fix Version/s: 5.4.3
    • Component/s: Access Tokens, Database
    • Labels:
      None

      Description

      Since 5.4.2, the principal username when an access token is used is the subject from the token. The max length of the username-holding columns in the database is 64 characters (columns such as nodes.created_by, stats.last_downloaded_by, etc.).
      When the subject is longer than 64 characters, the action (e.g. upload, download, etc.) fails, usually with 500, because the username is too long.

      The fix:
      Extract the username from the subject, add the prefix "token:", and trim to 64 characters if needed (write to the audit log if the result was trimmed).
      Example:
      Assuming a token with subject: "jfrt@123/users/the_username"
      Until Artifactory version 5.4.1 (inclusive), the principal username was: "the_username"
      In Artifactory version 5.4.2, we changed the principal username to be the full subject.
      In this fix, the principal's username should now be: "token:the_username"
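
The mapping described in the fix, as an added Python sketch (not Artifactory's code and not part of the original issue). The handling of a subject without "/users/", the use of the first "/users/" as the split point, and the logger name are assumptions; the 64-character limit, the "token:" prefix and the sample subject come from the issue.

```python
import logging

MAX_USERNAME_LEN = 64      # column width stated in the issue (e.g. nodes.created_by)
TOKEN_PREFIX = "token:"    # prefix stated in the issue
USERS_MARKER = "/users/"   # taken from the issue's sample subject

# Hypothetical stand-in for the audit log mentioned in the fix.
audit_log = logging.getLogger("audit")


def principal_from_subject(subject: str) -> str:
    """Derive a principal name that always fits a 64-character column."""
    # Assumption: the username is everything after the first "/users/";
    # a subject without that marker is used whole.
    _, marker, tail = subject.partition(USERS_MARKER)
    username = tail if marker else subject

    principal = TOKEN_PREFIX + username
    if len(principal) <= MAX_USERNAME_LEN:
        return principal

    # Trim the prefixed value, not the bare username, so the stored
    # string never exceeds the column width; record the full value.
    trimmed = principal[:MAX_USERNAME_LEN]
    audit_log.warning("token principal trimmed: %r -> %r", principal, trimmed)
    return trimmed


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample subjects; the first is the one from the issue.
    samples = [
        "jfrt@123/users/the_username",
        "jfrt@123/users/" + "a" * 100,          # forces a trim
        "jfrt@123/users/" + "a" * 58 + "-ci",   # same first 58 characters
    ]
    for s in samples:
        print(len(principal_from_subject(s)), principal_from_subject(s))
```

In this sketch, usernames that differ only after their 58th character map to the same stored value, so the audit entry is the only record of the full username.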

            People

            • Assignee:
              yinona Yinon Avraham
              Reporter:
              krihelis Shlomi Kriheli