Handle LFS token creation and retrieval in the same method, and in the same Redis connection.lfs-ssh-authorization-fix

Reset expiry time of token, if token is retrieved again before it expires.

3 files changed, 11 insertions, 14 deletions

diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 090d04544da..9a5d1ece070 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -90,7 +90,7 @@ module API
 
         {
           username: token_handler.actor_name,
-          lfs_token: token_handler.generate,
+          lfs_token: token_handler.token,
           repository_http_path: project.http_url_to_repo
         }
       end
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 7c0f2115d43..aca5d0020cf 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -124,7 +124,7 @@ module Gitlab
             read_authentication_abilities
           end
 
-        Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.value, password)
+        Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.token, password)
       end
 
       def build_access_token_check(login, password)
diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb
index f31444b2b07..7b3bbcf6a32 100644
--- a/lib/gitlab/lfs_token.rb
+++ b/lib/gitlab/lfs_token.rb
@@ -17,21 +17,18 @@ module Gitlab
         end
     end
 
-    def generate
-      return value if value
-
-      token = Devise.friendly_token(TOKEN_LENGTH)
-
+    def token
       Gitlab::Redis.with do |redis|
-        redis.set(redis_key, token, ex: EXPIRY_TIME)
-      end
+        token = redis.get(redis_key)
 
-      token
-    end
+        if token
+          redis.expire(redis_key, EXPIRY_TIME)
+        else
+          token = Devise.friendly_token(TOKEN_LENGTH)
+          redis.set(redis_key, token, ex: EXPIRY_TIME)
+        end
 
-    def value
-      Gitlab::Redis.with do |redis|
-        redis.get(redis_key)
+        token
       end
     end