From 079b81b2552604369bbc0fc213318fd926afd11a Mon Sep 17 00:00:00 2001
From: Alex Hung <alexh@jfrog.com>
Date: Tue, 14 Jan 2025 09:15:09 -0800
Subject: [PATCH] Improve request path matching for lease revoke

---
 secret_access_token.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/secret_access_token.go b/secret_access_token.go
index ffe2ed9..ce4c1f5 100644
--- a/secret_access_token.go
+++ b/secret_access_token.go
@@ -96,15 +96,16 @@ func (b *backend) secretAccessTokenRevoke(ctx context.Context, req *logical.Requ
 		return logical.ErrorResponse("backend not configured"), nil
 	}
 
-	// logger.Debug("request", "Path", req.Path, "Secret.InternalData", req.Secret.InternalData)
+	// logger.Debug("req", "Path", req.Path, "Secret.InternalData", req.Secret.InternalData)
 
 	if config.AccessToken == "" {
-		if strings.Contains(req.Path, "token/") {
+		// check if this is admin token
+		if strings.HasPrefix(req.Path, "token/") {
 			return logical.ErrorResponse("admin access_token is not configured"), nil
 		}
 
 		// try to use user token
-		if strings.Contains(req.Path, "user_token/") {
+		if strings.HasPrefix(req.Path, "user_token/") {
 			logger.Debug("admin access token is empty and request path is user_token")
 			username := req.Secret.InternalData["username"].(string)
 			userTokenConfig, err := b.fetchUserTokenConfiguration(ctx, req.Storage, username)