@@ -459,6 +459,7 @@ class TaskBackend {
459459 ...state.versions! .entries
460460 .where ((e) => deselectedVersions.contains (e.key))
461461 .map ((e) => e.value)
462+ .where ((vs) => vs.secretToken != null )
462463 .map (
463464 (vs) => AbortedTokenInfo (
464465 token: vs.secretToken! ,
@@ -1190,18 +1191,18 @@ PackageVersionStateInfo _authorizeWorkerCallback(
11901191 PackageState state,
11911192 String token,
11921193) {
1194+ // fixed-time verification of aborted tokens
1195+ final isKnownAbortedToken = state.abortedTokens
1196+ ? .map ((t) => t.isAuthorized (token))
1197+ .fold <bool >(false , (a, b) => a || b);
1198+ if (isKnownAbortedToken ?? false ) {
1199+ throw TaskAbortedException ('$package /$version has been aborted.' );
1200+ }
1201+
11931202 final versionState = state.versions! [version];
11941203 if (versionState == null ) {
1195- // check if the task was aborted
1196- final abortedToken =
1197- state.abortedTokens? .firstWhereOrNull ((t) => t.token == token);
1198- if (abortedToken != null && abortedToken.expires.isBefore (clock.now ())) {
1199- throw TaskAbortedException ('$package /$version has been aborted.' );
1200- }
1201- // otherwise throw a generic not found error
12021204 throw NotFoundException .resource ('$package /$version ' );
12031205 }
1204-
12051206 // Check the secret token
12061207 if (! versionState.isAuthorized (token)) {
12071208 throw AuthenticationException .authenticationRequired ();
0 commit comments