import (
"context"
+ "errors"
+ "fmt"
+ "strings"
"git.arvados.org/arvados.git/lib/ctrlctx"
- "git.arvados.org/arvados.git/sdk/go/arvados"
+ "git.arvados.org/arvados.git/sdk/go/auth"
)
func (conn *Conn) ExpireAPIClientAuthorization(ctx context.Context) error {
- aca, err := conn.railsProxy.APIClientAuthorizationCurrent(ctx, arvados.GetOptions{})
+ creds, ok := auth.FromContext(ctx)
+
+ if !ok {
+ return errors.New("credentials not found from context")
+ }
+
+ if len(creds.Tokens) < 1 {
+ return errors.New("no tokens found to expire")
+ }
+
+ token := creds.Tokens[0]
+ tokensecret := token
+ if strings.Contains(token, "/") {
+ tokenparts := strings.Split(token, "/")
+ if len(tokenparts) >= 3 {
+ tokensecret = tokenparts[2]
+ }
+ }
+
+ tx, err := ctrlctx.CurrentTx(ctx)
if err != nil {
return err
}
- tx, err := ctrlctx.CurrentTx(ctx)
+
+ res, err := tx.ExecContext(ctx, "UPDATE api_client_authorizations SET expires_at=current_timestamp WHERE api_token=$1", tokensecret)
if err != nil {
return err
}
- err = tx.QueryRowxContext(ctx, "UPDATE api_client_authorizations SET expires_at=current_timestamp WHERE uuid=$1", aca.UUID).Err()
+ rows, err := res.RowsAffected()
if err != nil {
return err
}
+ if rows != 1 {
+ return fmt.Errorf("token expiration affected rows: %d - token: %s", rows, token)
+ }
return nil
}