Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(182)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: common/auth/internal/common.go

Issue 2952323002: Take into account expiration time when comparing tokens. (Closed)
Patch Set: Take into account expiration time when comparing tokens. Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The LUCI Authors. All rights reserved. 1 // Copyright 2015 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 // Package internal contains code used internally by common/auth. 5 // Package internal contains code used internally by common/auth.
6 package internal 6 package internal
7 7
8 import ( 8 import (
9 "bytes" 9 "bytes"
10 "reflect" 10 "reflect"
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after
190 } 190 }
191 if t.Expiry.After(deadline.Add(expiryRandInterval)) { 191 if t.Expiry.After(deadline.Add(expiryRandInterval)) {
192 // Definitely expires much later than 'lifetime', no need to inv olve RNG. 192 // Definitely expires much later than 'lifetime', no need to inv olve RNG.
193 return false 193 return false
194 } 194 }
195 // Semi-randomly declare it as expired. 195 // Semi-randomly declare it as expired.
196 rnd := time.Duration(mathrand.Int63n(ctx, int64(expiryRandInterval))) 196 rnd := time.Duration(mathrand.Int63n(ctx, int64(expiryRandInterval)))
197 return t.Expiry.Before(deadline.Add(rnd)) 197 return t.Expiry.Before(deadline.Add(rnd))
198 } 198 }
199 199
200 // EqualTokens returns true if both token object have same access token. 200 // EqualTokens returns true if tokens are equal.
201 // 201 //
202 // 'nil' token corresponds to an empty access token. 202 // 'nil' token corresponds to an empty access token.
203 func EqualTokens(a, b *oauth2.Token) bool { 203 func EqualTokens(a, b *oauth2.Token) bool {
204 if a == b { 204 if a == b {
205 return true 205 return true
206 } 206 }
207 » aTok := "" 207 » if a == nil {
208 » if a != nil { 208 » » a = &oauth2.Token{}
209 » » aTok = a.AccessToken
210 } 209 }
211 » bTok := "" 210 » if b == nil {
212 » if b != nil { 211 » » b = &oauth2.Token{}
213 » » bTok = b.AccessToken
214 } 212 }
215 » return aTok == bTok 213 » return a.AccessToken == b.AccessToken && a.Expiry.Equal(b.Expiry)
216 } 214 }
217 215
218 // isBadTokenError sniffs out HTTP 400/401 from token source errors. 216 // isBadTokenError sniffs out HTTP 400/401 from token source errors.
219 func isBadTokenError(err error) bool { 217 func isBadTokenError(err error) bool {
220 // See https://github.com/golang/oauth2/blob/master/internal/token.go. 218 // See https://github.com/golang/oauth2/blob/master/internal/token.go.
221 // Unfortunately, fmt.Errorf is used there, so there's no other way to 219 // Unfortunately, fmt.Errorf is used there, so there's no other way to
222 // differentiate between bad tokens/creds and transient errors. 220 // differentiate between bad tokens/creds and transient errors.
223 // Note that mis-categorization is not a big deal: we'll unnecessarily r etry 221 // Note that mis-categorization is not a big deal: we'll unnecessarily r etry
224 // fatal error a bunch of times, thinking it is transient. 222 // fatal error a bunch of times, thinking it is transient.
225 if err == nil { 223 if err == nil {
(...skipping 30 matching lines...) Expand all
256 // errors, HTTP 500 responses, etc). It is difficult to categori ze them, 254 // errors, HTTP 500 responses, etc). It is difficult to categori ze them,
257 // since oauth2 library uses fmt.Errorf(...) for errors. Retryin g a fatal 255 // since oauth2 library uses fmt.Errorf(...) for errors. Retryin g a fatal
258 // error a bunch of times is not very bad, so pick safer approac h and assume 256 // error a bunch of times is not very bad, so pick safer approac h and assume
259 // any error is transient. Revoked refresh token or bad credenti als (most 257 // any error is transient. Revoked refresh token or bad credenti als (most
260 // common source of fatal errors) is already handled above. 258 // common source of fatal errors) is already handled above.
261 return nil, errors.WrapTransient(err) 259 return nil, errors.WrapTransient(err)
262 default: 260 default:
263 return tok, nil 261 return tok, nil
264 } 262 }
265 } 263 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698