AuthToken: client token rotation fix (#65709)

* AuthToken: respond with 401 if token is not found

* Set retry to one so we don't retry a failed token rotation
Karl Persson 2023-03-31 16:44:08 +02:00 committed by GitHub
parent 355f47628f
commit 46cfb73e21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 5 deletions


@ -86,7 +86,7 @@ func (hs *HTTPServer) RotateUserAuthToken(c *contextmodel.ReqContext) response.R
}
if errors.Is(err, auth.ErrUserTokenNotFound) {
return response.ErrOrFallback(http.StatusNotFound, http.StatusText(http.StatusFound), err)
return response.ErrOrFallback(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), err)
}
return response.ErrOrFallback(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), err)
@ -234,7 +234,7 @@ func (hs *HTTPServer) revokeUserAuthTokenInternal(c *contextmodel.ReqContext, us
return response.Error(400, "Cannot revoke active user auth token", nil)
}
err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token, true)
err = hs.AuthTokenService.RevokeToken(c.Req.Context(), token, false)
if err != nil {
if errors.Is(err, auth.ErrUserTokenNotFound) {
return response.Error(404, "User auth token not found", err)
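Review bot: The flip of the third `RevokeToken` argument in `revokeUserAuthTokenInternal` (old `RevokeToken(c.Req.Context(), token, true)`, new `RevokeToken(c.Req.Context(), token, false)`, assuming the page lists old before new as it does for the 401 change) is not mentioned anywhere in the commit message, which only covers the 401 response and the client retry. If that argument is a soft-revoke flag, as the name of the service suggests but the hunk does not show, this turns an explicit user-initiated revocation from a grace-period revoke into an immediate one, which is a security-relevant behaviour change that should be stated in the description and at the call site, e.g. `// hard revoke: a user-initiated revocation must invalidate the session immediately, with no grace window`. The 404 for `ErrUserTokenNotFound` on the last line is still consistent here, since this endpoint targets a token other than the caller's own (the `Cannot revoke active user auth token` guard above), unlike the rotate path which now answers 401. `revokeUserAuthTokenInternal` begins and ends outside the hunk, so the remaining error handling was not reviewed.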


@ -171,10 +171,10 @@ func TestHTTPServer_RotateUserAuthToken(t *testing.T) {
expectedStatus: http.StatusUnauthorized,
},
{
desc: "Should return 404 and when token s not found",
desc: "Should return 401 and when token not found",
cookie: &http.Cookie{Name: "grafana_session", Value: "123", Path: "/"},
rotatedErr: auth.ErrUserTokenNotFound,
expectedStatus: http.StatusNotFound,
expectedStatus: http.StatusUnauthorized,
},
{
desc: "Should return 200 and but not set new cookie if token was not rotated",
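Review bot: The new test description `desc: "Should return 401 and when token not found"` carries a stray "and" inherited from the old `"Should return 404 and when token s not found"` text; since the commit already rewrites this string, it should read `desc: "Should return 401 when token not found"`. The neighbouring `"Should return 200 and but not set new cookie if token was not rotated"` has the same "and but" slip but is outside the changed lines. `TestHTTPServer_RotateUserAuthToken` starts and ends outside the hunk.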


@ -450,7 +450,7 @@ export class BackendSrv implements BackendService {
}
rotateToken() {
return this.request({ url: '/api/user/auth-tokens/rotate', method: 'POST' });
return this.request({ url: '/api/user/auth-tokens/rotate', method: 'POST', retry: 1 });
}
loginPing() {
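Review bot: The meaning of `retry: 1` on the rotate request is not self-evident from the line `return this.request({ url: '/api/user/auth-tokens/rotate', method: 'POST', retry: 1 });`, and the commit message only says it stops retrying a failed rotation. If, as the description implies, the request pipeline treats `retry` as "already retried" and skips the rotate-on-401 path for such requests, this line is what prevents a 401 from the rotate endpoint (now returned when the token is not found) from triggering another rotation and looping; that intent should be written down, e.g. `// retry: 1 marks this request as already retried so a 401 from the rotate endpoint does not itself trigger another rotation attempt`. Worth confirming against the 401 handler elsewhere in `BackendSrv` that a failed rotation surfaces as a logout rather than a silent swallow. The `BackendSrv` class extends beyond the hunk; only `rotateToken` is complete here.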