[ARVADOS] updated: 1.3.0-3126-g91a7d2e6b

Git user git at public.arvados.org
Wed Sep 16 14:59:25 UTC 2020


Summary of changes:
 lib/controller/localdb/login_oidc.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

       via  91a7d2e6bb09fe12bcf18f0b0340c63cf27fae23 (commit)
      from  3403e16f521f2ea82a9bc6573b25c62320ca59b4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 91a7d2e6bb09fe12bcf18f0b0340c63cf27fae23
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Wed Sep 16 10:57:07 2020 -0400

    16669: Set expiry time when inserting new access token record.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/lib/controller/localdb/login_oidc.go b/lib/controller/localdb/login_oidc.go
index c89fdbfe7..3858e9cf6 100644
--- a/lib/controller/localdb/login_oidc.go
+++ b/lib/controller/localdb/login_oidc.go
@@ -462,11 +462,16 @@ func (ta *oidcTokenAuthorizer) registerToken(ctx context.Context, tok string) er
 		return err
 	}
 
+	// Expiry time for our token is one minute longer than our
+	// cache TTL, so we don't pass it through to RailsAPI just as
+	// it's expiring.
+	exp := time.Now().Add(tokenCacheTTL + time.Minute)
+
 	var aca arvados.APIClientAuthorization
 	if updating {
-		_, err = tx.ExecContext(ctx, `update api_client_authorizations set expires_at=$1 where api_token=$2`, time.Now().Add(tokenCacheTTL+time.Minute), hmac)
+		_, err = tx.ExecContext(ctx, `update api_client_authorizations set expires_at=$1 where api_token=$2`, exp, hmac)
 		if err != nil {
-			return fmt.Errorf("error adding OIDC access token to database: %w", err)
+			return fmt.Errorf("error updating token expiry time: %w", err)
 		}
 		ctxlog.FromContext(ctx).WithField("HMAC", hmac).Debug("(*oidcTokenAuthorizer)registerToken: updated api_client_authorizations row")
 	} else {
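Review bot: `exp` is computed only from the controller's clock and `tokenCacheTTL`, so nothing visible in this hunk ties the stored `expires_at` to the lifetime the OIDC provider gave the access token. If the provider's expiry or revocation is not re-checked elsewhere in registerToken (whose body starts and ends outside the hunk), a token the provider has already stopped honouring could remain accepted locally until `exp`. The same value is written for new records in the second hunk. Where the provider-reported expiry is available at this point, `exp` should be capped to the earlier of the two. Otherwise the comment should state the assumption, e.g. `// exp is based on local time and the cache TTL, not the provider's token expiry; validity is re-checked with the provider when the cache entry lapses.`, once that behaviour is confirmed.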
@@ -474,7 +479,7 @@ func (ta *oidcTokenAuthorizer) registerToken(ctx context.Context, tok string) er
 		if err != nil {
 			return err
 		}
-		_, err = tx.ExecContext(ctx, `update api_client_authorizations set api_token=$1 where uuid=$2`, hmac, aca.UUID)
+		_, err = tx.ExecContext(ctx, `update api_client_authorizations set api_token=$1, expires_at=$2 where uuid=$3`, hmac, exp, aca.UUID)
 		if err != nil {
 			return fmt.Errorf("error adding OIDC access token to database: %w", err)
 		}

-----------------------------------------------------------------------


hooks/post-receive
-- 



