Ensure that ActionListener is called exactly once
This bug was introduced in #36893 and had the effect that execution would continue after calling onFailure on the the listener in checkIfTokenIsValid in the case that the token is expired. In a case of many consecutive requests this could lead to the unwelcome side effect of an expired access token producing a successful authentication response.
This commit is contained in:
parent
38b698d455
commit
2a79c468f8
|
@ -1017,8 +1017,7 @@ public final class TokenService {
|
|||
Instant currentTime = clock.instant();
|
||||
if (currentTime.isAfter(userToken.getExpirationTime())) {
|
||||
listener.onFailure(traceLog("validate token", userToken.getId(), expiredTokenException()));
|
||||
}
|
||||
if (securityIndex.indexExists() == false) {
|
||||
} else if (securityIndex.indexExists() == false) {
|
||||
// index doesn't exist so the token is considered invalid as we cannot verify its validity
|
||||
logger.warn("failed to validate token [{}] since the security index doesn't exist", userToken.getId());
|
||||
listener.onResponse(null);
|
||||
|
|
Loading…
Reference in New Issue