[RTFACT-14510] Download / upload fails using access token with subject longer than 64 characters Created: 03/Jul/17  Updated: 10/Jul/17  Resolved: 03/Jul/17

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Access Tokens, Database
Affects Version/s: 5.4.2
Fix Version/s: 5.4.3

Type: Bug Priority: High
Reporter: Shlomi Kriheli (Inactive) Assignee: Yinon Avraham
Resolution: Fixed Votes: 0
Labels: None


Since 5.4.2, the principal username when an access token is used is the subject from the token. The max length of username holding columns in the database is 64 characters (columns such as nodes.created_by, stats.last_downloaded_by, etc.).
When the subject is longer than 64 characters the action fails (e.g. upload, download, etc.), usually with 500, because the username is too long.

The fix:
Extract the username from the subject, add a prefix "token:" and trim to 64 characters if needed (write to the audit log if the result was trimmed)
Assuming a token with subject: "jfrt@123/users/the_username"
Until Artifactory version 5.4.1 (inclusive) the principal username was: "the_username"
In Artifactory version 5.4.2 we changed the principal username to be the full subject
In this fix, the principal's username should now be: "token:the_username"

Generated at Tue Aug 11 16:24:30 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.