AuthToken: client token rotation fix (#65709)

* AuthToken: respond with 401 if token is not found

* Set retry to one so we don't retry a failed token rotation
This commit is contained in:
Karl Persson
2023-03-31 16:44:08 +02:00
committed by GitHub
parent 355f47628f
commit 46cfb73e21
3 changed files with 5 additions and 5 deletions
+2 -2
@@ -86,7 +86,7 @@ func (hs *HTTPServer) RotateUserAuthToken(c *contextmodel.ReqContext) response.R
}
if errors.Is(err, auth.ErrUserTokenNotFound) {
return response.ErrOrFallback(http.StatusNotFound, http.StatusText(http.StatusFound), err)
return response.ErrOrFallback(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), err)
}
return response.ErrOrFallback(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), err)
@@ -234,7 +234,7 @@ func (hs *HTTPServer) revokeUserAuthTokenInternal(c *contextmodel.ReqContext, us
return response.Error(400, "Cannot revoke active user auth token", nil)
}
err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token, true)
err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token, false)
if err != nil {
if errors.Is(err, auth.ErrUserTokenNotFound) {
return response.Error(404, "User auth token not found", err)
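Review bot: The bare `false` now passed as the third argument to RevokeToken on the changed line gives a reader no way to tell what was switched off, and the commit message covers only the 401 change, so the revocation change is undocumented. Presumably that argument is the soft-revoke flag (a grace period during which a just-replaced token stays usable; confirm against the AuthTokenService interface), in which case revoking another user's session from this endpoint now takes effect immediately, which is the safer behaviour but deserves to be stated where it happens. Suggest a trailing comment on that line, e.g. `err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token, false) // hard revoke: an explicitly revoked session must not outlive a rotation grace period`, plus a sentence in the commit message. revokeUserAuthTokenInternal starts before this hunk and continues past it.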
+2 -2
@@ -171,10 +171,10 @@ func TestHTTPServer_RotateUserAuthToken(t *testing.T) {
expectedStatus: http.StatusUnauthorized,
},
{
desc: "Should return 404 and when token s not found",
desc: "Should return 401 and when token not found",
cookie: &http.Cookie{Name: "grafana_session", Value: "123", Path: "/"},
rotatedErr: auth.ErrUserTokenNotFound,
expectedStatus: http.StatusNotFound,
expectedStatus: http.StatusUnauthorized,
},
{
desc: "Should return 200 and but not set new cookie if token was not rotated",
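Review bot: The new `desc` string on the changed line, `"Should return 401 and when token not found"`, carries the stray "and" over from the old wording, so the case name is garbled in failure output. Suggest `desc: "Should return 401 when token is not found",`. The test table and TestHTTPServer_RotateUserAuthToken continue outside this hunk.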