From 6b8a58d0c6458ae0ebfd23237a0b6701add29a8b Mon Sep 17 00:00:00 2001 From: Filip Andonie Date: Tue, 27 Aug 2024 11:55:42 +0100 Subject: [PATCH 1/2] fix: race-condition on token request close to expiry --- src/fds/sdk/utils/authentication/confidential.py | 2 +- tests/fds/sdk/utils/authentication/test_confidential.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/fds/sdk/utils/authentication/confidential.py b/src/fds/sdk/utils/authentication/confidential.py index 0146f84..0fc8fea 100644 --- a/src/fds/sdk/utils/authentication/confidential.py +++ b/src/fds/sdk/utils/authentication/confidential.py @@ -242,7 +242,7 @@ def _is_cached_token_valid(self) -> bool: if not self._cached_token: log.debug("Access Token cache is empty") return False - if time.time() < self._cached_token[CONSTS.TOKEN_EXPIRES_AT]: + if time.time() < self._cached_token[CONSTS.TOKEN_EXPIRES_AT] - 30: return True else: log.debug("Cached access token has expired at %s", self._cached_token[CONSTS.TOKEN_EXPIRES_AT]) diff --git a/tests/fds/sdk/utils/authentication/test_confidential.py b/tests/fds/sdk/utils/authentication/test_confidential.py index 56c9382..4b533b9 100644 --- a/tests/fds/sdk/utils/authentication/test_confidential.py +++ b/tests/fds/sdk/utils/authentication/test_confidential.py @@ -409,7 +409,7 @@ def test_get_access_token_cached(example_config, mocker, caplog): mock_oauth2_session = mocker.patch("fds.sdk.utils.authentication.confidential.OAuth2Session") mock_oauth2_session.return_value.fetch_token.return_value = { "access_token": "test", - "expires_at": 10, + "expires_at": 40, } mocker.patch("fds.sdk.utils.authentication.confidential.time.time", return_value=0) @@ -418,7 +418,7 @@ def test_get_access_token_cached(example_config, mocker, caplog): assert client.get_access_token() == client.get_access_token() mock_oauth2_session.return_value.fetch_token.assert_called_once() - assert "Retrieving cached token. Expires in '10' seconds" in caplog.text + assert "Retrieving cached token. Expires in '40' seconds" in caplog.text def test_get_access_token_cache_expired(client, mocker, caplog): @@ -428,7 +428,7 @@ def test_get_access_token_cache_expired(client, mocker, caplog): "fds.sdk.utils.authentication.confidential.OAuth2Session.fetch_token", return_value={ "access_token": "test", - "expires_at": 10, + "expires_at": 30, }, ) From 9902e2bab1cb35e7d4d1785fc1e41a4f09648caa Mon Sep 17 00:00:00 2001 From: Filip Andonie Date: Tue, 27 Aug 2024 18:59:40 +0100 Subject: [PATCH 2/2] fix: race-condition on token request close to expiry --- src/fds/sdk/utils/authentication/confidential.py | 2 +- src/fds/sdk/utils/authentication/constants.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/fds/sdk/utils/authentication/confidential.py b/src/fds/sdk/utils/authentication/confidential.py index 0fc8fea..52d42e7 100644 --- a/src/fds/sdk/utils/authentication/confidential.py +++ b/src/fds/sdk/utils/authentication/confidential.py @@ -242,7 +242,7 @@ def _is_cached_token_valid(self) -> bool: if not self._cached_token: log.debug("Access Token cache is empty") return False - if time.time() < self._cached_token[CONSTS.TOKEN_EXPIRES_AT] - 30: + if time.time() < self._cached_token[CONSTS.TOKEN_EXPIRES_AT] - CONSTS.TOKEN_EXPIRY_OFFSET_SECS: return True else: log.debug("Cached access token has expired at %s", self._cached_token[CONSTS.TOKEN_EXPIRES_AT]) diff --git a/src/fds/sdk/utils/authentication/constants.py b/src/fds/sdk/utils/authentication/constants.py index 413a0b7..aaf9133 100644 --- a/src/fds/sdk/utils/authentication/constants.py +++ b/src/fds/sdk/utils/authentication/constants.py @@ -14,6 +14,7 @@ class CONSTS: # access token TOKEN_ACCESS_TOKEN = "access_token" TOKEN_EXPIRES_AT = "expires_at" + TOKEN_EXPIRY_OFFSET_SECS = 30 # config CONFIG_CLIENT_ID = "clientId"