diff options
author | Patricio Cano <patricio@gitlab.com> | 2016-09-29 22:21:25 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-10-05 16:35:05 +0200 |
commit | f0d448fd57568c3a960c4165c8489bea5a2ad57a (patch) | |
tree | 243534e8995d6a43632fcf3154bea53eadd145f8 | |
parent | a20779b63366acffe146b6421cbafe5c4e759fe8 (diff) | |
download | gitlab-ce-f0d448fd57568c3a960c4165c8489bea5a2ad57a.tar.gz |
Merge branch 'lfs-token-race-condition-fix' into 'master'
Fix race condition on LFS Token
## What does this MR do?
Fixes a race condition that can be triggered if the token expires right after we retrieve it, but before we can set the new expiry time.
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6551#note_16190569
Thanks for catching this so quickly @jacobvosmaer-gitlab
cc @DouweM
See merge request !6592
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | lib/gitlab/lfs_token.rb | 9 |
2 files changed, 3 insertions, 7 deletions
diff --git a/CHANGELOG b/CHANGELOG index c54412ae09f..fc52babe4ce 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ v 8.12.4 (unreleased) - Fix "Copy to clipboard" tooltip to say "Copied!" when clipboard button is clicked. !6294 (lukehowell) - Fix padding in build sidebar. !6506 - Changed compare dropdowns to dropdowns with isolated search input. !6550 + - Fix race condition on LFS Token. !6592 v 8.12.3 - Update Gitlab Shell to support low IO priority for storage moves diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb index 7b3bbcf6a32..5f67e97fa2a 100644 --- a/lib/gitlab/lfs_token.rb +++ b/lib/gitlab/lfs_token.rb @@ -20,13 +20,8 @@ module Gitlab def token Gitlab::Redis.with do |redis| token = redis.get(redis_key) - - if token - redis.expire(redis_key, EXPIRY_TIME) - else - token = Devise.friendly_token(TOKEN_LENGTH) - redis.set(redis_key, token, ex: EXPIRY_TIME) - end + token ||= Devise.friendly_token(TOKEN_LENGTH) + redis.set(redis_key, token, ex: EXPIRY_TIME) token end |