Skip to content

Commit

Permalink
Merge branch 'develop/v1' into v1
Browse files Browse the repository at this point in the history
  • Loading branch information
lestrrat committed Apr 13, 2022
2 parents f4701e1 + 8ff6c75 commit baba561
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 1 deletion.
7 changes: 7 additions & 0 deletions Changes
Original file line number Diff line number Diff line change
@@ -1,6 +1,13 @@
Changes
=======

v1.2.23 13 Apr 2022
[Bug fixes]
* [jwk] jwk.AutoRefresh had a race condition when `Configure()` was
called concurrently (#686)
(It has been patched correctly, but we may come back to revisit
the design choices in the near future)

v1.2.22 08 Apr 2022
[Bug fixes]
* [jws] jws.Verify was ignoring the `b64` header when it was present
Expand Down
7 changes: 6 additions & 1 deletion jwk/refresh.go
Original file line number Diff line number Diff line change
Expand Up @@ -489,9 +489,9 @@ func (af *AutoRefresh) refreshLoop(ctx context.Context) {
func (af *AutoRefresh) doRefreshRequest(ctx context.Context, url string, enableBackoff bool) error {
af.muRegistry.RLock()
t, ok := af.registry[url]
af.muRegistry.RUnlock()

if !ok {
af.muRegistry.RUnlock()
return errors.Errorf(`url "%s" is not registered`, url)
}

Expand All @@ -505,6 +505,7 @@ func (af *AutoRefresh) doRefreshRequest(ctx context.Context, url string, enableB
if t.wl != nil {
fetchOptions = append(fetchOptions, WithFetchWhitelist(t.wl))
}
af.muRegistry.RUnlock()

res, err := fetch(ctx, url, fetchOptions...)
if err == nil {
Expand All @@ -520,7 +521,9 @@ func (af *AutoRefresh) doRefreshRequest(ctx context.Context, url string, enableB
af.muCache.Lock()
af.cache[url] = keyset
af.muCache.Unlock()
af.muRegistry.RLock()
nextInterval := calculateRefreshDuration(res, t.refreshInterval, t.minRefreshInterval)
af.muRegistry.RUnlock()
rtr := &resetTimerReq{
t: t,
d: nextInterval,
Expand All @@ -532,8 +535,10 @@ func (af *AutoRefresh) doRefreshRequest(ctx context.Context, url string, enableB
}

now := time.Now()
af.muRegistry.Lock()
t.lastRefresh = now.Local()
t.nextRefresh = now.Add(nextInterval).Local()
af.muRegistry.Unlock()
return nil
}
err = parseErr
Expand Down
48 changes: 48 additions & 0 deletions jwk/refresh_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"github.com/lestrrat-go/jwx/internal/jwxtest"
"github.com/lestrrat-go/jwx/jwk"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

//nolint:revive,golint
Expand Down Expand Up @@ -384,3 +385,50 @@ func TestErrorSink(t *testing.T) {
})
}
}

func TestAutoRefreshRace(t *testing.T) {
k, err := jwxtest.GenerateRsaJwk()
if !assert.NoError(t, err, `jwxtest.GenerateRsaJwk should succeed`) {
return
}
set := jwk.NewSet()
set.Add(k)

// set up a server that always success since we need to update the registered target
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(k)
}))
defer srv.Close()

// configure a unique auto-refresh
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()
ar := jwk.NewAutoRefresh(ctx)
ch := make(chan jwk.AutoRefreshError, 256) // big buffer
ar.ErrorSink(ch)

wg := sync.WaitGroup{}
routineErr := make(chan error, 20)

// execute a bunch of parallel refresh forcing the requests to the server
// need to simulate configure happening also in the goroutine since this is
// the cause of races when refresh is updating the registered targets
for i := 0; i < 5000; i++ {
wg.Add(1)
go func() {
defer wg.Done()
ctx := context.Background()

ar.Configure(srv.URL, jwk.WithRefreshInterval(500*time.Millisecond))
_, err := ar.Refresh(ctx, srv.URL)

if err != nil {
routineErr <- err
}
}()
}
wg.Wait()

require.Len(t, routineErr, 0)
}

0 comments on commit baba561

Please sign in to comment.