projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e846bd)
16669: Fix cache bug.
authorTom Clegg <tom@curii.com>
Mon, 25 Jan 2021 21:01:51 +0000 (16:01 -0500)
committerTom Clegg <tom@curii.com>
Mon, 25 Jan 2021 21:01:51 +0000 (16:01 -0500)
When caching a valid token we were updating the database with
exp=now+10m but updating the cache with exp="". When checking the
cache, exp="" indicates we don't need to re-check the access token and
extend the database entry's expiry field -- so we never did, we just
passed through the HMAC, which RailsAPI rejected based on the expiry
time in the database row.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>

lib/controller/localdb/login_oidc.go patch | blob | history

diff --git a/lib/controller/localdb/login_oidc.go b/lib/controller/localdb/login_oidc.go
index b99a1c2aa5b9fc47f4d461615873cc6204c24b80..1fa4da7766a891580fbabe2427febbb866e9c067 100644 (file)
--- a/lib/controller/localdb/login_oidc.go
+++ b/lib/controller/localdb/login_oidc.go
@@ -488,6 +488,7 @@ func (ta *oidcTokenAuthorizer) registerToken(ctx context.Context, tok string) er
        if err != nil {
                return err
        }
+       aca.ExpiresAt = exp.Format(time.RFC3339Nano)
        ta.cache.Add(tok, aca)
        return nil
 }