Pagination is wrong when listing consent session on Ory/Hydra - Githubissues

ory / hydra

OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

https://www.ory.sh/hydra/?utm_source=github&utm_medium=banner&utm_campaign=hydra

Apache License 2.0

15.27k stars 1.47k forks source link

Pagination is wrong when listing consent session on Ory/Hydra #3789

Open supercairos opened 1 week ago

supercairos commented 1 week ago

Preflight checklist

[X] I could not find a solution in the existing issues, docs, nor discussions.
[X] I agree to follow this project's Code of Conduct.
[X] I have read and am following this repository's Contribution Guidelines.
[X] I have joined the Ory Community Slack.
[X] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

When listing all consent session, Hydra filters out the expired consent sessions. https://github.com/ory/hydra/blob/eeaf6f01bcddc85569604702c0e9c2f3857d1902/persistence/sql/persister_consent.go#L548

But when counting the availlable consent sessions, Hydra doesn't filter out the expired consent sessions. https://github.com/ory/hydra/blob/eeaf6f01bcddc85569604702c0e9c2f3857d1902/persistence/sql/persister_consent.go#L601

Leading to an inconsistency between the pagination and the returned consent session.

Reproducing the bug

Have some expired session in your DB.

List all sessions. notice the pagination header is wrong.

Relevant log output

No response

Relevant configuration

Ory/Hydra 2.2.0

Version

2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response