Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refreshToken: put the lock before the most recent token is retrieved #1094

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

refreshToken: put the lock before the most recent token is retrieved #1094

wants to merge 1 commit into from

Conversation

GeoffreyHuck
Copy link
Contributor

@GeoffreyHuck GeoffreyHuck commented Jun 16, 2024
edited
Loading

If another refresh is already happening, the most recent token will have changed when the lock is released, and with the current code, it will be refreshed again.

The following process had an issue:

  1. We start two refresh requests
  2. The first one takes the lock and refreshes the token, while the second gets the most recent token of the session, then waits for the lock
  3. The first request finishes, put the new token in the database, and release the lock
  4. The second request gets the lock, refreshes the token again. But it shouldn't, because now there is a valid most recent token for the session!

With this change, 4. becomes: The second request acquires the lock, gets the most recent valid token for the session, notices it is too new to refresh, and simply returns it.

Note: maybe we need a test for that.

@GeoffreyHuck
refreshToken: we put the lock before the most recent token is retri…
3c349fe 
…eved, because if another refresh is already happening, the most recent token will have changed when the lock is released.

The following process had an issue:
1. We start two refresh requests
2. The first one takes the lock and refresh the token, while the second gets the most recent token of the session, then waits for the lock
3. The first request finishes, put the new token in the database, and release the lock
4. The second request refreshes the token. But it shouldn't, because now there is a valid most recent token for the session!

With this change, 4. becomes: The second request get the most recent valid token for the session, notices it is too new to refresh, and simply returns it.

Signed-off-by: Geoffrey Huck <[email protected]>
@GeoffreyHuck GeoffreyHuck requested a review from smadbe June 16, 2024 06:33
smadbe
smadbe approved these changes Jun 17, 2024
View reviewed changes
Copy link
Contributor

@smadbe smadbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: maybe we need a test for that.

Yes, that seems very useful to prevent regression.

@smadbe
Copy link
Contributor

smadbe commented Aug 7, 2024

@zenovich could you take over this PR (i.e. check it and add the required tests)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smadbe smadbe smadbe approved these changes

Assignees

@zenovich zenovich

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@GeoffreyHuck @smadbe @zenovich