Fix failed authenticate resulting in session reset (#4839)

This commit is contained in:
Gerard Guillemas Martos 2024-09-19 15:17:29 +01:00 committed by GitHub
parent 491b549f1d
commit 957ff739bb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 24 additions and 2 deletions

View file

@ -172,9 +172,12 @@ pub trait RpcContext {
return Err(RpcError::InvalidParams); return Err(RpcError::InvalidParams);
}; };
let mut tmp_session = mem::take(self.session_mut()); let mut tmp_session = mem::take(self.session_mut());
crate::iam::verify::token(self.kvs(), &mut tmp_session, &token.0).await?; let out: Result<(), RpcError> =
crate::iam::verify::token(self.kvs(), &mut tmp_session, &token.0)
.await
.map_err(Into::into);
*self.session_mut() = tmp_session; *self.session_mut() = tmp_session;
Ok(Value::None.into()) out.map(|_| Value::None.into())
} }
// ------------------------------ // ------------------------------

View file

@ -1505,6 +1505,25 @@ async fn session_reauthentication_expired() {
server.finish().unwrap(); server.finish().unwrap();
} }
#[test(tokio::test)]
async fn session_failed_reauthentication() {
// Setup database server without authentication
let (addr, mut server) = common::start_server_without_auth().await.unwrap();
// Connect to WebSocket
let mut socket = Socket::connect(&addr, SERVER, FORMAT).await.unwrap();
// Specify a namespace and database to use
socket.send_message_use(Some(NS), Some(DB)).await.unwrap();
// Check that we have are have a database and namespace selected
socket.send_message_query("INFO FOR DB").await.unwrap();
// Authenticate using an invalid token
socket.send_request("authenticate", json!(["invalid",])).await.unwrap();
// Check to see if we still have a namespace and database selected
let res = socket.send_message_query("INFO FOR DB").await.unwrap();
assert_eq!(res[0]["status"], "OK", "result: {res:?}");
// Test passed
server.finish().unwrap();
}
#[test(tokio::test)] #[test(tokio::test)]
async fn session_use_change_database() { async fn session_use_change_database() {
// Setup database server // Setup database server