Skip to content
Snippets Groups Projects
Commit 9fad0602 authored by m.nabokikh's avatar m.nabokikh
Browse files

fix: do not update offlinesession lastUsed field if refresh token was not change 


Signed-off-by: default avatarm.nabokikh <maksim.nabokikh@flant.com>
parent c319983e
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
server/refreshhandlers.go
+ 7
5
View file @ 9fad0602
...@@ -227,16 +227,13 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora ...@@ -227,16 +227,13 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
lastUsed := s.now() lastUsed := s.now()
rerr := s.updateOfflineSession(refresh, ident, lastUsed)
if rerr != nil {
return nil, rerr
}
refreshTokenUpdater := func(old storage.RefreshToken) (storage.RefreshToken, error) { refreshTokenUpdater := func(old storage.RefreshToken) (storage.RefreshToken, error) {
if s.refreshTokenPolicy.RotationEnabled() { if s.refreshTokenPolicy.RotationEnabled() {
if old.Token != token.Token { if old.Token != token.Token {
if s.refreshTokenPolicy.AllowedToReuse(old.LastUsed) && old.ObsoleteToken == token.Token { if s.refreshTokenPolicy.AllowedToReuse(old.LastUsed) && old.ObsoleteToken == token.Token {
newToken.Token = old.Token newToken.Token = old.Token
// Do not update last used time for offline session if token is allowed to be reused
lastUsed = old.LastUsed
return old, nil return old, nil
} }
return old, errors.New("refresh token claimed twice") return old, errors.New("refresh token claimed twice")
...@@ -268,6 +265,11 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora ...@@ -268,6 +265,11 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
return nil, newInternalServerError() return nil, newInternalServerError()
} }
rerr := s.updateOfflineSession(refresh, ident, lastUsed)
if rerr != nil {
return nil, rerr
}
return newToken, nil return newToken, nil
} }
......
storage/kubernetes/storage.go
+ 3
2
View file @ 9fad0602
...@@ -740,13 +740,14 @@ func retryOnConflict(ctx context.Context, action func() error) error { ...@@ -740,13 +740,14 @@ func retryOnConflict(ctx context.Context, action func() error) error {
for { for {
select { select {
case <-time.After(getNextStep()): case <-time.After(getNextStep()):
if err := action(); err == nil || !isKubernetesAPIConflictError(err) { err := action()
if err == nil || !isKubernetesAPIConflictError(err) {
return err return err
} }
attempts++ attempts++
if attempts >= 4 { if attempts >= 4 {
return errors.New("maximum timeout reached while retrying a conflicted request") return fmt.Errorf("maximum timeout reached while retrying a conflicted request: %w", err)
} }
case <-ctx.Done(): case <-ctx.Done():
return errors.New("canceled") return errors.New("canceled")
......
storage/kubernetes/storage_test.go
+ 1
1
View file @ 9fad0602
...@@ -262,7 +262,7 @@ func TestRetryOnConflict(t *testing.T) { ...@@ -262,7 +262,7 @@ func TestRetryOnConflict(t *testing.T) {
{ {
"Timeout reached", "Timeout reached",
func() error { err := httpErr{status: 409}; return error(&err) }, func() error { err := httpErr{status: 409}; return error(&err) },
"maximum timeout reached while retrying a conflicted request", "maximum timeout reached while retrying a conflicted request: Conflict: response from server \"\"",
}, },
{ {
"HTTP Error", "HTTP Error",
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment