Skip to content

Don't invalidate refresh token a second time #64259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 30, 2020
Merged

Don't invalidate refresh token a second time #64259

merged 1 commit into from
Oct 30, 2020

Conversation

@tvernum
Copy link
Contributor

@tvernum tvernum commented Oct 28, 2020

This changes the token service so that it recognizes when a refresh
token is already invalidated and does not attempt to invalidated it
again.

Although the update would be detected as a no-op and handled
appropriately, the code could fail if the underlying document was
deleted between the search and the update.

Since we know that update will be a no-op, we can skip any attempt to
do the update, and return immediately.

Relates: #56903

@tvernum
Don't invalidate refresh token a second time
cae6318 
This changes the token service so that it recognises when a refresh
token is already invalidated and does not attempt to invalidated it
again.

Although the update would be detected as a no-op and handled
appropriately, the code could fail if the underlying document was
deleted between the search and the update.

Since we know that update will be a no-op, we can skip any attempt to
do the update, and return immediately.

Relates: elastic#56903
@tvernum tvernum added >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v8.0.0 v7.11.0 labels Oct 28, 2020
@tvernum tvernum requested a review from jkakavas October 28, 2020 06:07
jkakavas
jkakavas approved these changes Oct 29, 2020
View reviewed changes
Copy link
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tvernum tvernum merged commit c835ed4 into elastic:master Oct 30, 2020
tvernum added a commit that referenced this pull request Oct 30, 2020
@tvernum
Fix test compile issue
001d16c 
Rebasing #64259 on top of #64031 introduced a test compile error, but
it looks like PR-CI failed to run the correct set of checks so the PR
was green and was merged.

This change fixes those compile issues.
tvernum added a commit to tvernum/elasticsearch that referenced this pull request Nov 6, 2020
@tvernum
Don't invalidate refresh token a second time
8cb97bf 
This changes the token service so that it recognises when a refresh
token is already invalidated and does not attempt to invalidated it
again.

Although the update would be detected as a no-op and handled
appropriately, the code could fail if the underlying document was
deleted between the search and the update.

Since we know that update will be a no-op, we can skip any attempt to
do the update, and return immediately.

Backport of: elastic#64259
@tvernum tvernum mentioned this pull request Nov 6, 2020
Merged
tvernum added a commit that referenced this pull request Nov 9, 2020
@tvernum
Don't invalidate refresh token a second time (#64682)
c7f52c3 
This changes the token service so that it recognises when a refresh
token is already invalidated and does not attempt to invalidated it
again.

Although the update would be detected as a no-op and handled
appropriately, the code could fail if the underlying document was
deleted between the search and the update.

Since we know that update will be a no-op, we can skip any attempt to
do the update, and return immediately.

Backport of: #64259
@ywangd ywangd mentioned this pull request Nov 9, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkakavas jkakavas jkakavas approved these changes

Assignees

No one assigned

Labels

>bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v7.11.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tvernum @jkakavas @jakelandis