diff options
| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2023-11-23 08:20:36 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-23 08:20:36 +1100 |
| commit | c49b973120c7fd755923a2b88afd794c7d320d6e (patch) | |
| tree | 5fcef6de1a85568eee3c67470f73b790b294dda8 /internal/handlers/handler_authz_authn.go | |
| parent | fa141929a39e546f3f3ca6bcbc7bd72c64e575c8 (diff) | |
fix(configuration): illogical refresh interval default (#6319)
When using the file provider with watch enabled, the refresh interval should just be set to always default as the cost is minimal.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/handlers/handler_authz_authn.go')
| -rw-r--r-- | internal/handlers/handler_authz_authn.go | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/internal/handlers/handler_authz_authn.go b/internal/handlers/handler_authz_authn.go index ef13c9bd6..853e98a5c 100644 --- a/internal/handlers/handler_authz_authn.go +++ b/internal/handlers/handler_authz_authn.go @@ -20,14 +20,9 @@ import ( ) // NewCookieSessionAuthnStrategy creates a new CookieSessionAuthnStrategy. -func NewCookieSessionAuthnStrategy(refreshInterval time.Duration) *CookieSessionAuthnStrategy { - if refreshInterval < time.Second*0 { - return &CookieSessionAuthnStrategy{} - } - +func NewCookieSessionAuthnStrategy(refresh schema.RefreshIntervalDuration) *CookieSessionAuthnStrategy { return &CookieSessionAuthnStrategy{ - refreshEnabled: true, - refreshInterval: refreshInterval, + refresh: refresh, } } @@ -75,8 +70,7 @@ func NewHeaderLegacyAuthnStrategy() *HeaderLegacyAuthnStrategy { // CookieSessionAuthnStrategy is a session cookie AuthnStrategy. type CookieSessionAuthnStrategy struct { - refreshEnabled bool - refreshInterval time.Duration + refresh schema.RefreshIntervalDuration } // Get returns the Authn information for this AuthnStrategy. @@ -107,7 +101,7 @@ func (s *CookieSessionAuthnStrategy) Get(ctx *middlewares.AutheliaCtx, provider } } - if invalid := handleVerifyGETAuthnCookieValidate(ctx, provider, &userSession, s.refreshEnabled, s.refreshInterval); invalid { + if invalid := handleVerifyGETAuthnCookieValidate(ctx, provider, &userSession, s.refresh); invalid { if err = ctx.DestroySession(); err != nil { ctx.Logger.WithError(err).Errorf("Unable to destroy user session") } @@ -308,7 +302,7 @@ func (s *HeaderLegacyAuthnStrategy) HandleUnauthorized(ctx *middlewares.Authelia handleAuthzUnauthorizedAuthorizationBasic(ctx, authn) } -func handleVerifyGETAuthnCookieValidate(ctx *middlewares.AutheliaCtx, provider *session.Session, userSession *session.UserSession, profileRefreshEnabled bool, profileRefreshInterval time.Duration) (invalid bool) { +func handleVerifyGETAuthnCookieValidate(ctx *middlewares.AutheliaCtx, provider *session.Session, userSession *session.UserSession, refresh schema.RefreshIntervalDuration) (invalid bool) { isAnonymous := userSession.Username == "" if isAnonymous && userSession.AuthenticationLevel != authentication.NotAuthenticated { @@ -323,7 +317,7 @@ func handleVerifyGETAuthnCookieValidate(ctx *middlewares.AutheliaCtx, provider * return true } - if invalid = handleVerifyGETAuthnCookieValidateUpdate(ctx, userSession, isAnonymous, profileRefreshEnabled, profileRefreshInterval); invalid { + if invalid = handleVerifyGETAuthnCookieValidateRefresh(ctx, userSession, isAnonymous, refresh); invalid { return true } @@ -350,14 +344,14 @@ func handleVerifyGETAuthnCookieValidateInactivity(ctx *middlewares.AutheliaCtx, return time.Unix(userSession.LastActivity, 0).Add(provider.Config.Inactivity).Before(ctx.Clock.Now()) } -func handleVerifyGETAuthnCookieValidateUpdate(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, isAnonymous, enabled bool, interval time.Duration) (invalid bool) { - if !enabled || isAnonymous { +func handleVerifyGETAuthnCookieValidateRefresh(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, isAnonymous bool, refresh schema.RefreshIntervalDuration) (invalid bool) { + if refresh.Never() || isAnonymous { return false } ctx.Logger.WithField("username", userSession.Username).Trace("Checking if we need check the authentication backend for an updated profile for user") - if interval != schema.RefreshIntervalAlways && userSession.RefreshTTL.After(ctx.Clock.Now()) { + if !refresh.Always() && userSession.RefreshTTL.After(ctx.Clock.Now()) { return false } @@ -387,8 +381,8 @@ func handleVerifyGETAuthnCookieValidateUpdate(ctx *middlewares.AutheliaCtx, user diffEmails, diffGroups = utils.IsStringSlicesDifferent(userSession.Emails, details.Emails), utils.IsStringSlicesDifferent(userSession.Groups, details.Groups) diffDisplayName = userSession.DisplayName != details.DisplayName - if interval != schema.RefreshIntervalAlways { - userSession.RefreshTTL = ctx.Clock.Now().Add(interval) + if !refresh.Always() { + userSession.RefreshTTL = ctx.Clock.Now().Add(refresh.Value()) } if !diffEmails && !diffGroups && !diffDisplayName { |