Skip to content

Fix potential bug in concurrent token refresh support #53668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 18, 2020
Merged

Fix potential bug in concurrent token refresh support #53668

merged 1 commit into from
Mar 18, 2020

Conversation

@jkakavas
Copy link
Contributor

@jkakavas jkakavas commented Mar 17, 2020

Ensure that we do not proceed with execution after calling the
listener's onFailure

@jkakavas
Fix potential bug in concurrent token refresh support
57e91af 
Ensure that we do not proceed execution after calling the
listerer's onFailure
@jkakavas jkakavas added >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v8.0.0 v7.7.0 v7.6.2 labels Mar 17, 2020
@jkakavas jkakavas requested a review from ywangd March 17, 2020 14:35
@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 17, 2020

Pinging @elastic/es-security (:Security/Authentication)

ywangd
ywangd approved these changes Mar 18, 2020
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
if (decryptedTokens.length != 2) {
logger.warn("Decrypted tokens string is not correctly formatted");
listener.onFailure(invalidGrantException("could not refresh the requested token"));
} else {
Copy link
Member

@ywangd ywangd Mar 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sure works. An alternative is to "return" immediately after "onFailure", which could be safer for future changes, e.g. a new statement is accidentally added below to this if-else block.

@jkakavas jkakavas merged commit bb89c62 into elastic:master Mar 18, 2020
@jkakavas jkakavas mentioned this pull request Mar 18, 2020
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Mar 18, 2020
@jkakavas
Fix potential bug in concurrent token refresh support (elastic#53668)
c7e4d90 
Ensure that we do not proceed execution after calling the
listerer's onFailure
@jkakavas jkakavas mentioned this pull request Mar 18, 2020
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Mar 18, 2020
@jkakavas
Fix potential bug in concurrent token refresh support (elastic#53668)
e655a09 
Ensure that we do not proceed execution after calling the
listerer's onFailure
jkakavas added a commit that referenced this pull request Mar 18, 2020
@jkakavas
Fix potential bug in concurrent token refresh support (#53668) (#53705)
873d0ec 
Ensure that we do not proceed execution after calling the
listerer's onFailure
jkakavas added a commit that referenced this pull request Mar 18, 2020
@jkakavas
Fix potential bug in concurrent token refresh support (#53668) (#53706)
b130eb5 
Ensure that we do not proceed execution after calling the
listerer's onFailure
@codebrain codebrain mentioned this pull request Apr 1, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

No one assigned

Labels

>bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v7.6.2 v7.7.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jkakavas @elasticmachine @ywangd @jakelandis