From b600966cf9e8cf140e3c992be1881c5e79a72431 Mon Sep 17 00:00:00 2001 From: Markus Pilman Date: Fri, 29 Jul 2022 12:47:55 -0600 Subject: [PATCH] fix token cache unit test --- .../{TokenCache.cpp => TokenCache.actor.cpp} | 21 ++++++++++++------- fdbrpc/TokenSign.cpp | 2 +- 2 files changed, 14 insertions(+), 9 deletions(-) rename fdbrpc/{TokenCache.cpp => TokenCache.actor.cpp} (94%) diff --git a/fdbrpc/TokenCache.cpp b/fdbrpc/TokenCache.actor.cpp similarity index 94% rename from fdbrpc/TokenCache.cpp rename to fdbrpc/TokenCache.actor.cpp index 41f118aa2d..574a110d53 100644 --- a/fdbrpc/TokenCache.cpp +++ b/fdbrpc/TokenCache.actor.cpp @@ -13,6 +13,8 @@ #include #include +#include "flow/actorcompiler.h" // has to be last include + template class LRUCache { public: @@ -156,6 +158,7 @@ bool TokenCache::validate(TenantNameRef name, StringRef token) { TraceEvent(SevWarn, "InvalidToken") \ .detail("From", peer) \ .detail("Reason", reason) \ + .detail("CurrentTime", currentTime) \ .detail("Token", token.toStringRef(arena).toStringView()) bool TokenCacheImpl::validateAndAdd(double currentTime, StringRef token, NetworkAddress const& peer) { 
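Review bot: The added `.detail("CurrentTime", currentTime)` line in the second hunk makes this trace macro depend on a variable named `currentTime` being in scope wherever it is expanded, alongside whichever of `peer`, `arena` and `token` are not macro parameters. The only expansion context visible here is `validateAndAdd(double currentTime, ...)`, and the `#define` line is outside the hunk, so other use sites need checking. A comment above the macro, for example `// expands only in scopes that define peer, arena, token and currentTime`, would make that contract explicit for whoever adds the next rejection path.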
@@ -324,23 +327,25 @@ TEST_CASE("/fdbrpc/authz/TokenCache/BadTokens") { TEST_CASE("/fdbrpc/authz/TokenCache/GoodTokens") { // Don't repeat because token expiry is at seconds granularity and sleeps are costly in unit tests - auto arena = Arena(); - auto privateKey = mkcert::makeEcP256(); - auto const pubKeyName = "somePublicKey"_sr; + state Arena arena; + state PrivateKey privateKey = mkcert::makeEcP256(); + state StringRef pubKeyName = "somePublicKey"_sr; + state ScopeExit> publicKeyClearGuard( + [pubKeyName = pubKeyName]() { FlowTransport::transport().removePublicKey(pubKeyName); }); + state authz::jwt::TokenRef tokenSpec = + authz::jwt::makeRandomTokenSpec(arena, *deterministicRandom(), authz::Algorithm::ES256); + state StringRef signedToken; FlowTransport::transport().addPublicKey(pubKeyName, privateKey.toPublic()); - auto publicKeyClearGuard = ScopeExit([pubKeyName]() { FlowTransport::transport().removePublicKey(pubKeyName); }); - auto& rng = *deterministicRandom(); - auto tokenSpec = authz::jwt::makeRandomTokenSpec(arena, rng, authz::Algorithm::ES256); tokenSpec.expiresAtUnixTime = static_cast(g_network->timer() + 2.0); tokenSpec.keyId = pubKeyName; - auto signedToken = authz::jwt::signToken(arena, tokenSpec, privateKey); + signedToken = authz::jwt::signToken(arena, tokenSpec, privateKey); if (!TokenCache::instance().validate(tokenSpec.tenants.get()[0], signedToken)) { fmt::print("Unexpected failed token validation, token spec: {}, now: {}\n", tokenSpec.toStringRef(arena).toStringView(), g_network->timer()); ASSERT(false); } - threadSleep(3.5); + wait(delay(3.5)); if (TokenCache::instance().validate(tokenSpec.tenants.get()[0], signedToken)) { fmt::print( "Unexpected successful token validation after supposedly expiring in cache, token spec: {}, now: {}\n", diff --git a/fdbrpc/TokenSign.cpp b/fdbrpc/TokenSign.cpp index 3dd1ec0c67..0f357c749d 100644 --- a/fdbrpc/TokenSign.cpp +++ b/fdbrpc/TokenSign.cpp 
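Review bot: In the GoodTokens test in TokenCache.actor.cpp, `publicKeyClearGuard` is now declared before `FlowTransport::transport().addPublicKey(pubKeyName, privateKey.toPublic());` runs, whereas the removed code created the guard immediately after the key was registered. If `makeRandomTokenSpec` throws in between, the guard calls `removePublicKey` for a key that was never added; whether that is harmless depends on `removePublicKey`, which is not shown. Moving the `addPublicKey` call directly above the `publicKeyClearGuard` declaration would keep registration and cleanup paired, assuming the actor compiler accepts a statement between `state` declarations. The test body continues past the end of the hunk.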
@@ -460,7 +460,7 @@ TokenRef makeRandomTokenSpec(Arena& arena, IRandom& rng, Algorithm alg) {
 for (auto i = 0; i < numAudience; i++)
 aud[i] = genRandomAlphanumStringRef(arena, rng, MaxTenantNameLenPlus1);
 ret.audience = VectorRef(aud, numAudience);
- ret.issuedAtUnixTime = timer_int() / 1'000'000'000ul;
+ ret.issuedAtUnixTime = uint64_t(std::floor(g_network->timer()));
 ret.notBeforeUnixTime = ret.issuedAtUnixTime.get();
 ret.expiresAtUnixTime = ret.issuedAtUnixTime.get() + rng.randomInt(360, 1080 + 1);
 auto numTenants = rng.randomInt(1, 3);
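Review bot: The new `ret.issuedAtUnixTime` assignment dereferences `g_network`, which the replaced `timer_int()` call did not need, so `makeRandomTokenSpec` now requires an initialized network object. No caller is visible in this hunk, so whether any path builds a token spec before the network exists needs confirming. A comment on the line would record the intent, for example `// iat/nbf/exp follow g_network->timer(), the clock the TokenCache test uses for expiry; requires g_network to be set`. `std::floor` also needs `<cmath>`, and the include list and the rest of the function body are outside the hunk.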