mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #2300 from flant/do-not-update-offline-session-last-time 

fix: do not update offlinesession lastUsed field if refresh token was not updated
pull/2308/head
Maksim Nabokikh 5 years ago committed by GitHub
parent
18311aa44d 9fad0602ec
commit
84b241721e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      server/refreshhandlers.go
  2. 5
      storage/kubernetes/storage.go
  3. 2
      storage/kubernetes/storage_test.go

12
server/refreshhandlers.go
Unescape View File

@ -227,16 +227,13 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
lastUsed := s.now()
rerr := s.updateOfflineSession(refresh, ident, lastUsed)
if rerr != nil {
return nil, rerr
}
refreshTokenUpdater := func(old storage.RefreshToken) (storage.RefreshToken, error) {
if s.refreshTokenPolicy.RotationEnabled() {
if old.Token != token.Token {
if s.refreshTokenPolicy.AllowedToReuse(old.LastUsed) && old.ObsoleteToken == token.Token {
newToken.Token = old.Token
// Do not update last used time for offline session if token is allowed to be reused
lastUsed = old.LastUsed
return old, nil
}
return old, errors.New("refresh token claimed twice")
@ -268,6 +265,11 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
return nil, newInternalServerError()
}
rerr := s.updateOfflineSession(refresh, ident, lastUsed)
if rerr != nil {
return nil, rerr
}
return newToken, nil
}

5
storage/kubernetes/storage.go
Unescape View File

@ -740,13 +740,14 @@ func retryOnConflict(ctx context.Context, action func() error) error {
for {
select {
case <-time.After(getNextStep()):
if err := action(); err == nil || !isKubernetesAPIConflictError(err) {
err := action()
if err == nil || !isKubernetesAPIConflictError(err) {
return err
}
attempts++
if attempts >= 4 {
return errors.New("maximum timeout reached while retrying a conflicted request")
return fmt.Errorf("maximum timeout reached while retrying a conflicted request: %w", err)
}
case <-ctx.Done():
return errors.New("canceled")

2
storage/kubernetes/storage_test.go
Unescape View File

@ -262,7 +262,7 @@ func TestRetryOnConflict(t *testing.T) {
{
"Timeout reached",
func() error { err := httpErr{status: 409}; return error(&err) },
"maximum timeout reached while retrying a conflicted request",
"maximum timeout reached while retrying a conflicted request: Conflict: response from server \"\"",
},
{
"HTTP Error",

Write Preview
Loading…
Cancel
Save