[ARVADOS] created: 1a2d8a738cf017c7b3f3234a1ea1aa90abb8162e
git at public.curoverse.com
git at public.curoverse.com
Thu May 21 16:53:46 EDT 2015
at 1a2d8a738cf017c7b3f3234a1ea1aa90abb8162e (commit)
commit 1a2d8a738cf017c7b3f3234a1ea1aa90abb8162e
Author: Tom Clegg <tom at curoverse.com>
Date: Thu May 21 16:51:52 2015 -0400
6087: Get database time only once per manifest-signing/verifying event, rather than once per locator.
diff --git a/services/api/app/models/blob.rb b/services/api/app/models/blob.rb
index 799279d..7ae13ef 100644
--- a/services/api/app/models/blob.rb
+++ b/services/api/app/models/blob.rb
@@ -91,7 +91,7 @@ class Blob
if !timestamp.match /^[\da-f]+$/
raise Blob::InvalidSignatureError.new 'Timestamp is not a base16 number.'
end
- if timestamp.to_i(16) < db_current_time.to_i
+ if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
end
diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb
index ccfb35e..7f93e20 100644
--- a/services/api/app/models/collection.rb
+++ b/services/api/app/models/collection.rb
@@ -1,6 +1,7 @@
require 'arvados/keep'
class Collection < ArvadosModel
+ extend DbCurrentTime
include HasUuid
include KindAndEtag
include CommonApiTemplate
@@ -60,7 +61,7 @@ class Collection < ArvadosModel
signing_opts = {
key: Rails.configuration.blob_signing_key,
api_token: api_token,
- ttl: Rails.configuration.blob_signature_ttl,
+ now: db_current_time.to_i,
}
self.manifest_text.lines.each do |entry|
entry.split[1..-1].each do |tok|
@@ -195,7 +196,7 @@ class Collection < ArvadosModel
signing_opts = {
key: Rails.configuration.blob_signing_key,
api_token: token,
- ttl: Rails.configuration.blob_signature_ttl,
+ expire: db_current_time.to_i + Rails.configuration.blob_signature_ttl,
}
m = manifest.dup
munge_manifest_locators!(m) do |loc|
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list