vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

We cannot cache the full expiration for an app specific token, as it would include the datetime when the cache is created, rather than now

Browse source 
Fixes https://jira.coreos.com/browse/QUAY-819
This commit is contained in:
Joseph Schorr 2018-02-02 15:14:43 -05:00
parent ccef3bffe9
commit 6228ab5a51
2 changed files with 40 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

14
data/model/appspecifictoken.py
View file

@ -12,20 +12,22 @@ from util.timedeltastring import convert_to_timedelta
logger = logging.getLogger(__name__)
@lru_cache(maxsize=1)
def _default_expiration():
def _default_expiration_duration():
expiration_str = config.app_config.get('APP_SPECIFIC_TOKEN_EXPIRATION')
return datetime.now() + convert_to_timedelta(expiration_str) if expiration_str else expiration_str
return convert_to_timedelta(expiration_str) if expiration_str else None
# Define a "unique" value so that callers can specifiy an expiration of None and *not* have it
# use the default.
_default_expiration_opt = '__deo'
_default_expiration_duration_opt = '__deo'
def create_token(user, title, expiration=_default_expiration_opt):
def create_token(user, title, expiration=_default_expiration_duration_opt):
""" Creates and returns an app specific token for the given user. If no expiration is specified
(including `None`), then the default from config is used. """
expiration = expiration if expiration != _default_expiration_opt else _default_expiration()
if expiration == _default_expiration_duration_opt:
duration = _default_expiration_duration()
expiration = duration + datetime.now() if duration else None
return AppSpecificAuthToken.create(user=user, title=title, expiration=expiration)