Merge pull request #5520 from influxdata/dgn-fix-5505

fix #5505: clear authCache when pwd changes
influxdata · Feb 2, 2016 · 0fd8392 · 0fd8392
2 parents cfe87e5 + efbac5f
commit 0fd8392
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -37,6 +37,7 @@
 - [#5475](https://github.com/influxdata/influxdb/issues/5475): Ensure appropriate exit code returned for non-interactive use of CLI.
 - [#5479](https://github.com/influxdata/influxdb/issues/5479): Bringing up a node as a meta only node causes panic
 - [#5504](https://github.com/influxdata/influxdb/issues/5475): create retention policy on unexistant DB crash InfluxDB
+- [#5505](https://github.com/influxdata/influxdb/issues/5505): Clear authCache in meta.Client when password changes.
 
 ## v0.9.6 [2015-12-09]
 

diff --git a/services/meta/client.go b/services/meta/client.go
@@ -553,12 +553,20 @@ func (c *Client) UpdateUser(name, password string) error {
 		return err
 	}
 
-	return c.retryUntilExec(internal.Command_UpdateUserCommand, internal.E_UpdateUserCommand_Command,
+	err = c.retryUntilExec(internal.Command_UpdateUserCommand, internal.E_UpdateUserCommand_Command,
 		&internal.UpdateUserCommand{
 			Name: proto.String(name),
 			Hash: proto.String(string(hash)),
 		},
 	)
+
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if err == nil {
+		delete(c.authCache, name)
+	}
+
+	return err
 }
 
 func (c *Client) DropUser(name string) error {

diff --git a/services/meta/service_test.go b/services/meta/service_test.go
@@ -356,6 +356,26 @@ func TestMetaService_CreateUser(t *testing.T) {
 		t.Fatalf("authentication should fail with %s", meta.ErrAuthenticate)
 	}
 
+	// Change password should succeed.
+	if res := c.ExecuteStatement(mustParseStatement("SET PASSWORD FOR fred = 'moresupersecure'")); res.Err != nil {
+		t.Fatal(res.Err)
+	}
+
+	// Auth for old password should fail
+	u, err = c.Authenticate("fred", "supersecure")
+	if u != nil || err != meta.ErrAuthenticate {
+		t.Fatalf("authentication should fail with %s", meta.ErrAuthenticate)
+	}
+
+	// Auth for new password should succeed.
+	u, err = c.Authenticate("fred", "moresupersecure")
+	if u == nil || err != nil {
+		t.Fatalf("failed to authenticate")
+	}
+	if u.Name != "fred" {
+		t.Fatalf("failed to authenticate")
+	}
+
 	// Auth for unkonwn user should fail
 	u, err = c.Authenticate("foo", "")
 	if u != nil || err != meta.ErrUserNotFound {