SoftInstigate / restheart

Rapid API Development with MongoDB
https://restheart.org
GNU Affero General Public License v3.0

jwtTokenManager does not add account properties other than roles #445

Closed ujibang closed 1 year ago

ujibang commented 1 year ago

The jwtTokenManager returns the account as a PwdCredentialAccount even if the MongoRealmAuthenticator or FileRealmAuthenticator is used.

These authenticators are able to hold more account properties that can be used in the ACL permissions.

Expected Behavior

The jwtTokenManager should be configurable to add selected properties to the signed token.

Current Behavior

The jwtTokenManager returns the account as a PwdCredentialAccount. This does not allow storing additional properties.

Context

If the ACL uses a predicate on a user property, such as:

{ "mongo": {
    "readFilter": { "tenants": { "_$exists": true, "$in": "@user.tenants" } }
  }
}

The predicate will fail because the property tenants is not available.

Environment

affected version: RESTHeart 7.1
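
A self-contained model of the behaviour reported above, added here as an example; it is not RESTHeart code, and the function names, the demo key and the sample account are constructed. It shows an account rebuilt from a roles-only token failing to resolve `@user.tenants`, while a token signed with selected properties resolves it; denying the request on an unresolved variable is an assumption of this model.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed for this example
ACCOUNT = {"_id": "alice", "roles": ["user"], "tenants": ["acme", "globex"]}  # constructed
READ_FILTER = {"tenants": {"_$exists": True, "$in": "@user.tenants"}}  # from the issue

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(account: dict, include_props=()) -> str:
    """HS256 JWT with the subject, the roles and only the selected properties."""
    claims = {"sub": account["_id"], "roles": account["roles"]}
    claims.update({p: account[p] for p in include_props if p in account})
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64(json.dumps(claims).encode())
    return signing_input + "." + sign(signing_input)

def account_from_token(token: str) -> dict:
    """Verify with the fixed algorithm, then rebuild the account from claims only."""
    signing_input, _, signature = token.rpartition(".")
    if not hmac.compare_digest(sign(signing_input), signature):
        raise ValueError("invalid token signature")
    return json.loads(unb64(signing_input.split(".")[1]))

def resolve_filter(node, account: dict):
    """Substitute "@user.<prop>" values; an unresolved variable denies the request."""
    if isinstance(node, dict):
        return {key: resolve_filter(value, account) for key, value in node.items()}
    if isinstance(node, list):
        return [resolve_filter(item, account) for item in node]
    if isinstance(node, str) and node.startswith("@user."):
        prop = node[len("@user."):]
        if prop not in account:
            raise PermissionError(f"ACL variable {node} is not available")
        return account[prop]
    return node

if __name__ == "__main__":
    for props in ((), ("tenants",)):
        account = account_from_token(issue_token(ACCOUNT, props))
        try:
            print(props, "->", resolve_filter(READ_FILTER, account))
        except PermissionError as err:
            print(props, "-> denied:", err)
```

Only properties named at signing time reach the ACL, so the selection list decides both what the filter can reference and what is exposed to anyone who can read the token payload.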

ujibang commented 1 year ago

fixed by 23ae157a37057b30e89aa5777179cea8f9cec130

will be in 7.4