download token 5 minutes before expiry
Ravi Nagarjun Akella authored and Ravi Nagarjun Akella committed May 23, 2024
1 parent 1349ca4 commit 04c74a1
Showing 2 changed files with 10 additions and 3 deletions.
3 changes: 2 additions & 1 deletion include/sisl/auth_manager/trf_client.hpp
Expand Up @@ -26,9 +26,10 @@ class TrfClient {
private:
void validate_grant_path() const;
bool grant_path_exists() const { return std::filesystem::exists(SECURITY_DYNAMIC_CONFIG(trf_client->grant_path)); }
// If leeway is set, this will force us to download token ahead of its expiry
bool access_token_expired() const {
return (std::chrono::system_clock::now() >
m_expiry + std::chrono::seconds(SECURITY_DYNAMIC_CONFIG(trf_client->trf_expiry_leeway_secs)));
m_expiry - std::chrono::seconds(SECURITY_DYNAMIC_CONFIG(trf_client->trf_expiry_leeway_secs)));
}
static bool get_file_contents(const std::string& file_name, std::string& contents);

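Review bot: In access_token_expired() the leeway is now subtracted from m_expiry with no visible bound, so a `trf_expiry_leeway_secs` value equal to or larger than the token's lifetime makes the check return true on every call, and each call would presumably go back to the token server. Whether the setting is range-checked where it is loaded cannot be seen from this hunk; if it is not, clamp it there or state the constraint next to the existing comment, for example `// leeway must be smaller than the token lifetime, otherwise every call re-downloads the token`. The same key previously extended validity past m_expiry, so a deployment that tuned it for the old meaning gets the opposite effect after this change, which deserves a line in the release notes. The class body continues outside the hunk.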
10 changes: 8 additions & 2 deletions src/auth_manager/tests/AuthTest.cpp
Expand Up @@ -208,6 +208,7 @@ static void load_trf_settings() {
SECURITY_SETTINGS_FACTORY().modifiable_settings([](auto& s) {
s.trf_client->grant_path = grant_path;
s.trf_client->server = "127.0.0.1:12346/token";
s.trf_client->trf_expiry_leeway_secs = 30;
s.auth_manager->verify = false;
s.auth_manager->expiry_leeway_secs = 30;
});
Expand Down Expand Up @@ -240,8 +241,9 @@ TEST_F(AuthTest, trf_allow_valid_token) {
const auto raw_token{TestToken().sign_rs256()};
// mock_trf_client is expected to be called twice
// 1. First time when access_token is empty
// 2. When token is set to be expired
EXPECT_CALL(mock_trf_client, request_with_grant_token()).Times(2);
// 2. When expiry - leeway is less than current time
// 3. When access_token is expired
EXPECT_CALL(mock_trf_client, request_with_grant_token()).Times(3);
ON_CALL(mock_trf_client, request_with_grant_token())
.WillByDefault(
testing::Invoke([&mock_trf_client, &raw_token]() { mock_trf_client.set_token(raw_token, "Bearer"); }));
Expand All @@ -253,6 +255,10 @@ TEST_F(AuthTest, trf_allow_valid_token) {
EXPECT_CALL(*mock_auth_mgr, download_key(_)).Times(0);
EXPECT_EQ(mock_auth_mgr->verify(mock_trf_client.get_token()), AuthVerifyStatus::OK);

// token valid but the leeway (30 seconds) should invoke request_with_grant_token
mock_trf_client.set_expiry(std::chrono::system_clock::now() + std::chrono::seconds(25));
EXPECT_EQ(mock_auth_mgr->verify(mock_trf_client.get_token()), AuthVerifyStatus::OK);

// set token to be expired invoking request_with_grant_token
mock_trf_client.set_expiry(std::chrono::system_clock::now() - std::chrono::seconds(100));
EXPECT_CALL(*mock_auth_mgr, download_key(_)).Times(0);
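Review bot: trf_allow_valid_token has no step for a token that expires just outside the leeway, so a comparison that refreshes too eagerly would only show up indirectly through the aggregate `Times(3)` count rather than at the step that caused it. The new `now() + 25s` step covers the inside-the-window case with a 30-second leeway; a matching negative step such as `mock_trf_client.set_expiry(std::chrono::system_clock::now() + std::chrono::seconds(60));` followed by the same `verify(mock_trf_client.get_token())` call, with the expected count left at 3, would pin the boundary from both sides. The test body continues outside the visible hunks, so an existing step may already cover this.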
