From c6b951d658da1a8714d8bf966f9614d1cd4d31ad Mon Sep 17 00:00:00 2001
From: Koen
Date: Tue, 16 Jul 2024 12:38:09 +0200
Subject: [PATCH 1/3] Create new client if old client is older than 60 s
---
 src/daemon/auth/providers/openid_connect/provider.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/daemon/auth/providers/openid_connect/provider.rs b/src/daemon/auth/providers/openid_connect/provider.rs
index 988adbd47..99f054d28 100644
--- a/src/daemon/auth/providers/openid_connect/provider.rs
+++ b/src/daemon/auth/providers/openid_connect/provider.rs
@@ -33,7 +33,8 @@ use std::{
 HashMap,
 },
 ops::Deref,
- sync::Arc,
+ sync::Arc,
+ time::Instant,
 };
 use tokio::sync::{RwLock, RwLockReadGuard};
@@ -151,6 +152,7 @@ pub struct ProviderConnectionProperties {
 client: FlexibleClient,
 email_scope_supported: bool,
 userinfo_endpoint_supported: bool,
+ time_established: Instant,
 logout_mode: LogoutMode,
 }
@@ -179,7 +181,8 @@ impl OpenIDConnectAuthProvider {
 async fn initialize_connection_if_needed(&self) -> KrillResult<()> {
 let mut conn_guard = self.conn.write().await;
- if conn_guard.is_none() {
+ if conn_guard.is_none() || conn_guard.as_ref().unwrap()
+ .time_established.elapsed().as_secs() >= 60 {
 *conn_guard = Some(self.initialize_connection().await?);
 }
@@ -194,10 +197,12 @@ impl OpenIDConnectAuthProvider {
 let (email_scope_supported, userinfo_endpoint_supported, logout_mode) = self.check_provider_capabilities(&meta)?;
 let client = self.build_client(meta, &logout_mode)?;
+ let time_established = Instant::now();
 let conn = ProviderConnectionProperties {
 client,
 email_scope_supported,
 userinfo_endpoint_supported,
+ time_established,
 logout_mode,
 };
 trace!("OpenID Connect: Provider connection initialized");
From 1759136ef632290ca35e349743fe3ba2a3201cf3 Mon Sep 17 00:00:00 2001
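Review bot: In the `@@ -179,7 +181,8 @@` hunk the refresh `*conn_guard = Some(self.initialize_connection().await?);` now runs every 60 seconds while the write guard from `self.conn.write().await` is held, so every task waiting on `self.conn` is blocked for as long as re-initialisation takes, and that presumably includes a round-trip to the OpenID Connect provider. Because of the `?`, a failed refresh also returns an error although a previously working connection is still stored, so a provider outage longer than 60 seconds would appear to fail every caller, where before only the first initialisation could fail. If failing closed is the intent, record it next to the check, e.g. `// A connection older than 60 s is never reused; if the provider is unreachable this returns the error.`; otherwise log the error and keep the stored connection. The body of `initialize_connection_if_needed` continues past the end of the hunk.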
From: Martin Hoffmann
Date: Mon, 29 Jul 2024 11:16:03 +0200
Subject: [PATCH 2/3] =?UTF-8?q?Don=E2=80=99t=20use=20an=20unwrap.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/daemon/auth/providers/openid_connect/provider.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/daemon/auth/providers/openid_connect/provider.rs b/src/daemon/auth/providers/openid_connect/provider.rs
index 99f054d28..b9767634b 100644
--- a/src/daemon/auth/providers/openid_connect/provider.rs
+++ b/src/daemon/auth/providers/openid_connect/provider.rs
@@ -181,8 +181,11 @@ impl OpenIDConnectAuthProvider {
 async fn initialize_connection_if_needed(&self) -> KrillResult<()> {
 let mut conn_guard = self.conn.write().await;
- if conn_guard.is_none() || conn_guard.as_ref().unwrap()
- .time_established.elapsed().as_secs() >= 60 {
+ // If we don’t have a connection or it is older than 60 seconds,
+ // get a new one.
+ if conn_guard.map(|c| {
+ c.time_established.elapsed().as_secs()
+ }).unwrap_or(60) >= 60 {
 *conn_guard = Some(self.initialize_connection().await?);
 }
From 6ee3f07d95613d322379d3a5f2ac5c608562d144 Mon Sep 17 00:00:00 2001
From: Martin Hoffmann
Date: Mon, 29 Jul 2024 11:22:13 +0200
Subject: [PATCH 3/3] Make it actually compile.
---
 src/daemon/auth/providers/openid_connect/provider.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/auth/providers/openid_connect/provider.rs b/src/daemon/auth/providers/openid_connect/provider.rs
index b9767634b..f335cfd20 100644
--- a/src/daemon/auth/providers/openid_connect/provider.rs
+++ b/src/daemon/auth/providers/openid_connect/provider.rs
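Review bot: In the `@@ -181,8 +181,11 @@` hunk of PATCH 2/3 the missing-connection case is folded into the age check as `unwrap_or(60) >= 60`, so the 60-second limit is written twice, and raising only the right-hand literal would make a missing connection compare as "fresh" and never be initialised. The same expression is carried into the `@@ -183,7 +183,7 @@` hunk of PATCH 3/3. Name the limit once and test the `Option` directly: `const MAX_CONNECTION_AGE_SECS: u64 = 60;` with `if conn_guard.as_ref().map_or(true, |c| c.time_established.elapsed().as_secs() >= MAX_CONNECTION_AGE_SECS) {`. The body of `initialize_connection_if_needed` ends outside the hunk.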
@@ -183,7 +183,7 @@ impl OpenIDConnectAuthProvider {
 // If we don’t have a connection or it is older than 60 seconds,
 // get a new one.
- if conn_guard.map(|c| {
+ if conn_guard.as_ref().map(|c| {
 c.time_established.elapsed().as_secs()
 }).unwrap_or(60) >= 60 {
 *conn_guard = Some(self.initialize_connection().await?);