erp5_oauth2_authorisation: Do not edit OAuth2 Session on every refresh token issuance
Malevolent users may decide to only - and repeatedly - present an otherwise valid refresh token, causing the issuance of new access tokens every time, likely along with new refresh tokens, causing many ZODB writes. Avoid this by pushing the token expiration date by one lifespan accuracy, so there can only be one write per session per lifespan accuracy period.
Stage: External

| Status | Job ID | Name | Duration | Coverage |
|---|---|---|---|---|
| passed | #737160 (external) | P-PSA.UnitTest-KDPortal | 01:34:14 | |
| passed | #736107 (external, retried) | P-PSA.UnitTest-KDPortal | 01:51:20 | |
| passed | #733191 (external, retried) | P-PSA.UnitTest-KDPortal | 01:10:13 | |
| passed | #733011 (external, retried) | P-PSA.UnitTest-KDPortal | 01:33:46 | |
| passed | #725658 (external, retried) | P-PSA.UnitTest-KDPortal | 01:18:02 | |
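
The write throttling described in the commit message, modelled as an added example (not ERP5's code). The `Session` class, the function names and the two constants' values are assumptions made for illustration; a session write is counted where a ZODB-backed store would commit.

```python
from dataclasses import dataclass

LIFESPAN = 3600          # refresh token lifespan in seconds (assumed value)
LIFESPAN_ACCURACY = 300  # accuracy of the stored expiration (assumed value)


@dataclass
class Session:
    """Stand-in for the persistent OAuth2 session; every write is counted."""
    expiration: float
    writes: int = 0

    def set_expiration(self, value):
        self.expiration = value
        self.writes += 1  # a ZODB-backed session would commit here


def refresh_naive(session, now):
    """'Before' behaviour: every valid refresh edits the session."""
    if now >= session.expiration:
        return False  # expired session: reject, no write
    session.set_expiration(now + LIFESPAN)
    return True


def refresh_throttled(session, now):
    """Edit the session only when its stored expiration falls short of
    now + LIFESPAN, then push it one accuracy period further so later
    refreshes inside that period find it already sufficient."""
    if now >= session.expiration:
        return False  # expired session: reject, no write
    if session.expiration < now + LIFESPAN:
        session.set_expiration(now + LIFESPAN + LIFESPAN_ACCURACY)
    return True


def replay(refresh, times, start=0.0):
    """Present the refresh token at each time in `times`; return write count."""
    session = Session(expiration=start + LIFESPAN)
    for now in times:
        refresh(session, now)
    return session.writes


# Constructed workload: one refresh per second for ten minutes.
FLOOD = range(1, 601)
```

Replaying `FLOOD` through both functions shows the write count dropping from one per request to one per accuracy period.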