Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

fix: add exp backoff to validate fresh git auth tokens#8956

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
kylecarbs merged 2 commits intomainfromexprefresh
Aug 8, 2023
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletioncoderd/gitauth/config.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -8,6 +8,7 @@ import (
"net/http"
"net/url"
"regexp"
"time"

"golang.org/x/oauth2"
"golang.org/x/xerrors"
Expand All@@ -17,6 +18,7 @@ import (
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/httpapi"
"github.com/coder/coder/codersdk"
"github.com/coder/retry"
)

type OAuth2Config interface {
Expand DownExpand Up@@ -75,12 +77,26 @@ func (c *Config) RefreshToken(ctx context.Context, db database.Store, gitAuthLin
// we aren't trying to surface an error, we're just trying to obtain a valid token.
return gitAuthLink, false, nil
}

r := retry.New(50*time.Millisecond, 200*time.Millisecond)
// See the comment below why the retry and cancel is required.
retryCtx, retryCtxCancel := context.WithTimeout(ctx, time.Second)
defer retryCtxCancel()
validate:
valid, _, err := c.ValidateToken(ctx, token.AccessToken)
if err != nil {
return gitAuthLink, false, xerrors.Errorf("validate git auth token: %w", err)
}
if !valid {
// A customer using GitHub in Australia reported that validating immediately
// after refreshing the token would intermittently fail with a 401. Waiting
// a few milliseconds with the exact same token on the exact same request
// would resolve the issue. It seems likely that the write is not propagating
// to the read replica in time.
//
// We do an exponential backoff here to give the write time to propagate.
if c.Type == codersdk.GitProviderGitHub && r.Wait(retryCtx) {
goto validate
}
// The token is no longer valid!
return gitAuthLink, false, nil
}
Expand Down
33 changes: 33 additions & 0 deletionscoderd/gitauth/config_test.go
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -73,6 +73,39 @@ func TestRefreshToken(t *testing.T) {
require.NoError(t, err)
require.False(t, refreshed)
})
t.Run("ValidateRetryGitHub", func(t *testing.T) {
t.Parallel()
hit := false
// We need to ensure that the exponential backoff kicks in properly.
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !hit {
hit = true
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Not permitted"))
return
}
w.WriteHeader(http.StatusOK)
}))
config := &gitauth.Config{
ID: "test",
OAuth2Config: &testutil.OAuth2Config{
Token: &oauth2.Token{
AccessToken: "updated",
},
},
ValidateURL: srv.URL,
Type: codersdk.GitProviderGitHub,
}
db := dbfake.New()
link := dbgen.GitAuthLink(t, db, database.GitAuthLink{
ProviderID: config.ID,
OAuthAccessToken: "initial",
})
_, refreshed, err := config.RefreshToken(context.Background(), db, link)
require.NoError(t, err)
require.True(t, refreshed)
require.True(t, hit)
})
t.Run("ValidateNoUpdate", func(t *testing.T) {
t.Parallel()
validated := make(chan struct{})
Expand Down
[8]ページ先頭
©2009-2025 Movatter.jp