Ensure that ActionListener is called exactly once

This bug was introduced in #36893 and had the effect that
execution would continue after calling onFailure on the the
listener in checkIfTokenIsValid in the case that the token is
expired. In a case of many consecutive requests this could lead to
the unwelcome side effect of an expired access token producing a
successful authentication response.
This commit is contained in:
Ioannis Kakavas 2019-01-09 07:19:34 +02:00
parent 38b698d455
commit 2a79c468f8
1 changed files with 1 additions and 2 deletions

View File

@ -1017,8 +1017,7 @@ public final class TokenService {
Instant currentTime = clock.instant(); Instant currentTime = clock.instant();
if (currentTime.isAfter(userToken.getExpirationTime())) { if (currentTime.isAfter(userToken.getExpirationTime())) {
listener.onFailure(traceLog("validate token", userToken.getId(), expiredTokenException())); listener.onFailure(traceLog("validate token", userToken.getId(), expiredTokenException()));
} } else if (securityIndex.indexExists() == false) {
if (securityIndex.indexExists() == false) {
// index doesn't exist so the token is considered invalid as we cannot verify its validity // index doesn't exist so the token is considered invalid as we cannot verify its validity
logger.warn("failed to validate token [{}] since the security index doesn't exist", userToken.getId()); logger.warn("failed to validate token [{}] since the security index doesn't exist", userToken.getId());
listener.onResponse(null); listener.onResponse(null);