From: Lucas Di Pentima Date: Mon, 8 Feb 2021 21:16:52 +0000 (-0300) Subject: 16736: Replaces Time.now with db_current_time on token expiration handling code. X-Git-Tag: 2.2.0~119^2~2 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/46a5e3958ce98fd1bca4f035dab83ea4c39e6666 16736: Replaces Time.now with db_current_time on token expiration handling code. Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima --- diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb index da0523d2b0..8e9a26b7a8 100644 --- a/services/api/app/controllers/user_sessions_controller.rb +++ b/services/api/app/controllers/user_sessions_controller.rb @@ -158,9 +158,9 @@ class UserSessionsController < ApplicationController end if Rails.configuration.Login.TokenLifetime > 0 if token_expiration == nil - token_expiration = Time.now + Rails.configuration.Login.TokenLifetime + token_expiration = db_current_time + Rails.configuration.Login.TokenLifetime else - token_expiration = [token_expiration, Time.now + Rails.configuration.Login.TokenLifetime].min + token_expiration = [token_expiration, db_current_time + Rails.configuration.Login.TokenLifetime].min end end diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb index 4218645d5d..03e1b38fdc 100644 --- a/services/api/app/models/api_client_authorization.rb +++ b/services/api/app/models/api_client_authorization.rb @@ -7,6 +7,7 @@ class ApiClientAuthorization < ArvadosModel include KindAndEtag include CommonApiTemplate extend CurrentApiClient + extend DbCurrentTime belongs_to :api_client belongs_to :user @@ -356,7 +357,7 @@ class ApiClientAuthorization < ArvadosModel auth.update_attributes!(user: user, api_token: stored_secret, api_client_id: 0, - expires_at: Time.now + Rails.configuration.Login.RemoteTokenRefresh) + expires_at: db_current_time + Rails.configuration.Login.RemoteTokenRefresh) Rails.logger.debug "cached remote token #{token_uuid} with secret #{stored_secret} in local db" auth.api_token = secret return auth @@ -388,7 +389,7 @@ class ApiClientAuthorization < ArvadosModel def clamp_token_expiration if !current_user.andand.is_admin && Rails.configuration.API.MaxTokenLifetime > 0 - max_token_expiration = Time.now + Rails.configuration.API.MaxTokenLifetime + max_token_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime if self.new_record? && (self.expires_at.nil? || self.expires_at > max_token_expiration) self.expires_at = max_token_expiration elsif !self.new_record? && self.expires_at_changed? && (self.expires_at.nil? || self.expires_at > max_token_expiration) diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb index 3a7b201312..ce79fc5579 100644 --- a/services/api/test/integration/api_client_authorizations_api_test.rb +++ b/services/api/test/integration/api_client_authorizations_api_test.rb @@ -5,6 +5,8 @@ require 'test_helper' class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest + include DbCurrentTime + extend DbCurrentTime fixtures :all test "create system auth" do @@ -74,12 +76,12 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest assert_response 403 end - [nil, Time.now + 2.hours].each do |desired_expiration| + [nil, db_current_time + 2.hours].each do |desired_expiration| test "expires_at gets clamped on non-admins when API.MaxTokenLifetime is set and desired expires_at #{desired_expiration.nil? ? 'is not set' : 'exceeds the limit'}" do Rails.configuration.API.MaxTokenLifetime = 1.hour # Test token creation - start_t = Time.now + start_t = db_current_time post "/arvados/v1/api_client_authorizations", params: { :format => :json, @@ -89,7 +91,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest } }, headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"} - end_t = Time.now + end_t = db_current_time assert_response 200 expiration_t = json_response['expires_at'].to_time assert_operator expiration_t.to_f, :>, (start_t + Rails.configuration.API.MaxTokenLifetime).to_f @@ -102,7 +104,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest # Test token update previous_expiration = expiration_t token_uuid = json_response["uuid"] - start_t = Time.now + start_t = db_current_time put "/arvados/v1/api_client_authorizations/#{token_uuid}", params: { :api_client_authorization => { @@ -110,7 +112,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest } }, headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"} - end_t = Time.now + end_t = db_current_time assert_response 200 expiration_t = json_response['expires_at'].to_time assert_operator previous_expiration.to_f, :<, expiration_t.to_f @@ -146,7 +148,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest previous_expiration = json_response['expires_at'] token_uuid = json_response['uuid'] if previous_expiration.nil? - desired_updated_expiration = Time.now + Rails.configuration.API.MaxTokenLifetime + 1.hour + desired_updated_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime + 1.hour else desired_updated_expiration = nil end