User data in dashboard is updated from data contained in macaroons
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snap Store Server |
Fix Released
|
High
|
Unassigned | ||
Bug Description
The logic in dashboard which updates user data (full name, email address) triggers when e.g. a Launchpad build is initiated, and potentially during other sign-in operations, and updates that data from what is contained in the dashboard macaroon at the time it was minted.
This presents a problem if:
1- user issues a macaroon containing name X and configures an automated build with hit.
2- User then changes their name to Y, in Ubuntu SSO and dashboard.
3- An automated build with macaroon #1 is fired. Dashboard will overwrite the name changes from #2 with outdated information from #1.
A real-world case of this was reported and diagnosed here: https:/
I believe the offending code in dashboard is the _update_
2022-11-15 16:22:17.431Z INFO devportal.
To contrast, when the user logged in manually (which properly fetches fresh information from SSO directly), the source of the update is different:
2022-11-15 12:05:09.280Z INFO devportal.
SN-1112
| Changed in snapstore-server: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| Daniel Manrique (roadmr) wrote | #1 |
| description: | updated |
| description: | updated |
| David (lofidevops) wrote | #2 |
| David (lofidevops) wrote | #3 |
| Changed in snapstore-server: | |
| status: | Confirmed → Fix Released |
Build that purportedly triggered the change:
https:/
The build started at 16:05 and took 14 minutes, finishing at 16:19, which is slightly earlier than the 16:22 timestamp of the update as seen above - but that might be a publishing delay or something.