diff --git a/controller/northbound/server/auth.go b/controller/northbound/server/auth.go
index cf6c370d20baa8282f72955d9854e3798b95bd43..6d9e6410d3cd3bcb20c53a1edd88f24cf43dc1c7 100644
--- a/controller/northbound/server/auth.go
+++ b/controller/northbound/server/auth.go
@@ -183,21 +183,9 @@ func (s AuthServer) handleLogout(ctx context.Context, userName string) error {
 return err
 }
 
- storedTokens := storedUser.GetTokens()
- foundToken := false
- for _, storedToken := range storedTokens {
- if storedToken == token {
- err := storedUser.RemoveToken(token)
- if err != nil {
- return status.Errorf(codes.Aborted, "error checking match of token provied for user")
- }
- foundToken = true
- break
- }
- }
-
- if !foundToken {
- return status.Errorf(codes.Aborted, "missing match of token provied for user")
+ err = removeTokenFromUserIfExists(storedUser, token)
+ if err != nil {
+ status.Errorf(codes.Aborted, "Error removing token from user, it was either already logged out or otherwise not found")
 }
 
 err = s.userService.Update(&rbac.User{UserID: storedUser.ID(),
@@ -227,3 +215,17 @@ func addTokenAndEnsureTokenLimit(userToUpdate rbacInterfaces.User, token string)
 }
 return nil
 }
+
+func removeTokenFromUserIfExists(storedUser rbacInterfaces.User, token string) error {
+ storedTokens := storedUser.GetTokens()
+ for _, storedToken := range storedTokens {
+ if storedToken == token {
+ err := storedUser.RemoveToken(token)
+ if err != nil {
+ return errors.New("could not remove token from user")
+ }
+ return nil
+ }
+ }
+ return errors.New("token not found for user")
+}
diff --git a/controller/northbound/server/auth_test.go b/controller/northbound/server/auth_test.go
index 8712b7da535fade6828de01d2847060fce91eef8..8ad8cb6de1b5042d68debf09db1751507f5e3731 100644
--- a/controller/northbound/server/auth_test.go
+++ b/controller/northbound/server/auth_test.go
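Review bot: The new `if err != nil` branch in handleLogout (auth.go, first hunk) builds a status error with `status.Errorf(...)` but never returns it, so a logout whose token is not stored for the user, or whose removal fails, falls through to `s.userService.Update`. The removed code returned `codes.Aborted` in both cases; with the new code a client can be told the logout succeeded although no token was revoked. Change the line to `return status.Errorf(codes.Aborted, "error removing token from user: %v", err)`. handleLogout starts and ends outside the hunk, so what it finally returns on this path is not visible here.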
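Review bot: removeTokenFromUserIfExists (auth.go, second hunk) replaces the error from `storedUser.RemoveToken(token)` with a fresh `errors.New(...)`, so the cause is lost and the caller cannot tell "token not found" from "removal failed". Wrap the cause instead, e.g. `return fmt.Errorf("removing token from user: %w", err)` (this needs `fmt` imported if auth.go does not already import it), and consider a package-level sentinel such as `var errTokenNotFound = errors.New("token not found for user")` for the not-found case. The function also has no doc comment; `// removeTokenFromUserIfExists removes token from storedUser and returns an error if the user does not hold it or the removal fails.` would state the contract.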
@@ -319,3 +319,19 @@ func TestAuth_addTokenAndEnsureTokenLimit_removeOldKey(t *testing.T) {
 assert.Equal(t, "token2", user.GetTokens()[0])
 assert.Equal(t, "token3", user.GetTokens()[1])
 }
+func Test_removeTokenFromUserIfExists(t *testing.T) {
+ config.MaxTokensPerUser = 100
+ user := rbac.NewUser(uuid.New(), "testUser", map[string]string{}, "password", []string{"token1", "token2", "token3"}, "salt", conflict.Metadata{ResourceVersion: 0})
+
+ err := removeTokenFromUserIfExists(user, "token2")
+ assert.Nil(t, err)
+ assert.Equal(t, []string{"token1", "token3"}, user.GetTokens())
+
+ err = removeTokenFromUserIfExists(user, "token4")
+ assert.NotNil(t, err)
+ assert.Equal(t, []string{"token1", "token3"}, user.GetTokens())
+
+ user = rbac.NewUser(uuid.New(), "testUser", map[string]string{}, "password", []string{}, "salt", conflict.Metadata{ResourceVersion: 0})
+ err = removeTokenFromUserIfExists(user, "token4")
+ assert.NotNil(t, err)
+}
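Review bot: `config.MaxTokensPerUser = 100` at the top of Test_removeTokenFromUserIfExists mutates package-level state that the function under test does not read in the visible code, and it is never restored, so it can leak into other tests; drop the line or restore the previous value with `t.Cleanup`. The cases here exercise only the helper: nothing in this hunk covers handleLogout with a token the user does not hold, which is the path where the caller must surface `codes.Aborted`. `assert.NoError` / `assert.Error` would also give clearer failure output than `assert.Nil` / `assert.NotNil` for error values.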