Issue Summary

When an unlicensed user tries to clone or push a repository using an SSH key(added in the user profile), the "Last authenticated" field on the Users page is updated, even if the user lacks any permissions in Bitbucket.

Steps to Reproduce

• Create an SSH key and add it to a user's profile in Bitbucket.
• Remove the user from the global permissions page to make it unlicensed.
• Attempt to clone a repository from Bitbucket using the SSH key. Although the clone will fail, the "Last authenticated" field on the Users page will still be updated.

Expected Results

The "Last authenticated" field should only be updated when the user is properly authenticated and has the necessary permissions to carry out that specific task.

Actual Results

Due to lack of permissions, the clone or push operation fails, which is the correct behavior. However, the "Last authenticated" field is updated, which might lead an administrator to believe that an unlicensed user without any permissions performed a task in Bitbucket using the SSH key.

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available