diff options
author | Patricio Cano <patricio@gitlab.com> | 2016-09-29 22:21:25 +0000 |
---|---|---|
committer | Patricio Cano <patricio@gitlab.com> | 2016-09-29 22:21:25 +0000 |
commit | 80fef70bb7c9c1cab1ff80e78f94a83d6712e50d (patch) | |
tree | 8310777099d0668b86bafb77b4d5f6be3898dcf2 | |
parent | c2cc5d3448b3b5fe0c08e71496ea6b8114052b39 (diff) | |
parent | 26678d8ea3f05b5508c0ebc80cb2bc40e0a66556 (diff) | |
download | gitlab-ce-80fef70bb7c9c1cab1ff80e78f94a83d6712e50d.tar.gz |
Merge branch 'lfs-token-race-condition-fix' into 'master'
Fix race condition on LFS Token
## What does this MR do?
Fixes a race condition that can be triggered if the token expires right after we retrieve it, but before we can set the new expiry time.
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6551#note_16190569
Thanks for catching this so quickly @jacobvosmaer-gitlab
cc @DouweM
See merge request !6592
-rw-r--r-- | lib/gitlab/lfs_token.rb | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb index 7b3bbcf6a32..5f67e97fa2a 100644 --- a/lib/gitlab/lfs_token.rb +++ b/lib/gitlab/lfs_token.rb @@ -20,13 +20,8 @@ module Gitlab def token Gitlab::Redis.with do |redis| token = redis.get(redis_key) - - if token - redis.expire(redis_key, EXPIRY_TIME) - else - token = Devise.friendly_token(TOKEN_LENGTH) - redis.set(redis_key, token, ex: EXPIRY_TIME) - end + token ||= Devise.friendly_token(TOKEN_LENGTH) + redis.set(redis_key, token, ex: EXPIRY_TIME) token end |