From 873d0ecd091fb48518b9b97bc105555a270534f9 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas
Date: Wed, 18 Mar 2020 09:43:26 +0200
Subject: [PATCH] Fix potential bug in concurrent token refresh support (#53668) (#53705)

Ensure that we do not proceed execution after calling the listerer's onFailure
---
 .../org/elasticsearch/xpack/security/authc/TokenService.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
index 41ece7547a0..b81f16b6f35 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
@@ -1071,9 +1071,10 @@ public final class TokenService {
 if (decryptedTokens.length != 2) {
 logger.warn("Decrypted tokens string is not correctly formatted");
 listener.onFailure(invalidGrantException("could not refresh the requested token"));
+ } else {
+ listener.onResponse(new Tuple<>(prependVersionAndEncodeAccessToken(refreshTokenStatus.getVersion(), decryptedTokens[0]),
+ prependVersionAndEncodeRefreshToken(refreshTokenStatus.getVersion(), decryptedTokens[1])));
 }
- listener.onResponse(new Tuple<>(prependVersionAndEncodeAccessToken(refreshTokenStatus.getVersion(), decryptedTokens[0]),
- prependVersionAndEncodeRefreshToken(refreshTokenStatus.getVersion(), decryptedTokens[1])));
 } catch (GeneralSecurityException | IOException e) {
 logger.warn("Could not get stored superseding token values", e);
 listener.onFailure(invalidGrantException("could not refresh the requested token"));
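Review bot: The malformed-token branch still logs only `Decrypted tokens string is not correctly formatted`, which gives an operator little to triage on when a stored superseding-token value turns out to be corrupted or unexpected; logging the part count, and never the decrypted values themselves, would help: `logger.warn("Decrypted tokens string is not correctly formatted, expected 2 parts but found [{}]", decryptedTokens.length);`. The new `else` is what guarantees the listener is completed exactly once, so a short comment above it such as `// complete the listener exactly once: never reach onResponse after onFailure` would keep a later refactor from reintroducing the fall-through. The diffstat shows only TokenService.java changed, so a test that feeds a decrypted string with the wrong number of parts and asserts a single onFailure call would pin this behaviour down. The enclosing try block starts outside the hunk.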