[Bugfix] Fix Integration Service (#1614)

Author: ajanikow

integrations/authentication/v1/cache.go

@@ -43,7 +43,7 @@ type cache struct {
 	validationTokens [][]byte
 }
 
-func (i *implementation) newCache() (*cache, error) {
+func (i *implementation) newCache(cfg Configuration) (*cache, error) {
 	files, err := os.ReadDir(i.cfg.Path)
 	if err != nil {
 		return nil, err
@@ -66,7 +66,7 @@ func (i *implementation) newCache() (*cache, error) {
 			continue
 		}
 
-		buff := make([]byte, 32)
+		buff := make([]byte, cfg.Create.MaxSize)
 
 		for id := range buff {
 			buff[id] = 0
@@ -133,7 +133,7 @@ func (i *implementation) refreshCache() (*cache, error) {
 
 	// Get was not successful, retry
 
-	if c, err := i.newCache(); err != nil {
+	if c, err := i.newCache(i.cfg); err != nil {
 		return nil, err
 	} else if c == nil {
 		return nil, errors.Errorf("cache returned is nil")

integrations/authentication/v1/configuration.go

@@ -37,6 +37,8 @@ const (
 	DefaultTokenMinTTL     = time.Minute
 	DefaultTokenMaxTTL     = time.Hour
 	DefaultTokenDefaultTTL = time.Hour
+
+	DefaultMaxTokenSize = 64
 )
 
 type Mod func(c Configuration) Configuration
@@ -52,6 +54,7 @@ func NewConfiguration() Configuration {
 			MinTTL:       DefaultTokenMinTTL,
 			MaxTTL:       DefaultTokenMaxTTL,
 			DefaultTTL:   DefaultTokenDefaultTTL,
+			MaxSize:      DefaultMaxTokenSize,
 		},
 	}
 }
@@ -82,7 +85,7 @@ func (c Configuration) Validate() error {
 	}
 
 	if c.TTL < 0 {
-		return errors.Errorf("TTLS should be not negative")
+		return errors.Errorf("TLS should be not negative")
 	}
 
 	if err := c.Create.Validate(); err != nil {
@@ -98,6 +101,8 @@ type Token struct {
 	AllowedUsers []string
 
 	MinTTL, MaxTTL, DefaultTTL time.Duration
+
+	MaxSize uint16
 }
 
 func (t Token) Validate() error {
@@ -117,6 +122,10 @@ func (t Token) Validate() error {
 		return errors.Errorf("DefautTTL Cannot be higher than MaxTTL")
 	}
 
+	if t.MaxSize <= 0 {
+		return errors.Errorf("MaxSize cannot be less or equal 0")
+	}
+
 	if len(t.AllowedUsers) > 0 {
 		// We are enforcing allowed users
 

integrations/authentication/v1/implementation.go

@@ -165,13 +165,13 @@ func (i *implementation) CreateToken(ctx context.Context, request *pbAuthenticat
 		return nil, err
 	}
 
-	user, exp, err := i.extractTokenDetails(cache, signedToken)
+	user, _, err = i.extractTokenDetails(cache, signedToken)
 	if err != nil {
 		return nil, err
 	}
 
 	return &pbAuthenticationV1.CreateTokenResponse{
-		Lifetime: durationpb.New(exp),
+		Lifetime: durationpb.New(duration),
 		User:     user,
 		Token:    signedToken,
 	}, nil
@@ -195,8 +195,11 @@ func (i *implementation) extractTokenDetails(cache *cache, t string) (string, ti
 	duration := DefaultTokenMaxTTL
 
 	if v, ok := p[token.ClaimEXP]; ok {
-		if s, ok := v.(int64); ok {
-			duration = time.Until(time.Unix(s, 0))
+		switch o := v.(type) {
+		case int64:
+			duration = time.Until(time.Unix(o, 0))
+		case float64:
+			duration = time.Until(time.Unix(int64(o), 0))
 		}
 	}
 

integrations/authentication/v1/service_test.go

@@ -23,8 +23,10 @@ package v1
 import (
 	"context"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/durationpb"
 
 	pbAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1/definition"
 	"github.com/arangodb/kube-arangodb/pkg/util"
@@ -189,3 +191,54 @@ func Test_Service_AskForDefaultIfBlocked(t *testing.T) {
 	})
 	require.EqualError(t, err, "rpc error: code = Unknown desc = User blocked is not allowed")
 }
+
+func Test_Service_WithTTL(t *testing.T) {
+	ctx, c := context.WithCancel(context.Background())
+	defer c()
+
+	client, directory := Client(t, ctx)
+
+	reSaveJWTTokens(t, directory, generateJWTToken())
+
+	extract := func(t *testing.T, duration time.Duration) (time.Duration, time.Duration) {
+		token, err := client.CreateToken(ctx, &pbAuthenticationV1.CreateTokenRequest{
+			Lifetime: durationpb.New(duration),
+		})
+		require.NoError(t, err)
+
+		valid, err := client.Validate(ctx, &pbAuthenticationV1.ValidateRequest{
+			Token: token.Token,
+		})
+		require.NoError(t, err)
+
+		require.NotNil(t, token.Lifetime)
+		require.True(t, valid.IsValid)
+		require.NotNil(t, valid.Details)
+
+		return token.Lifetime.AsDuration(), valid.Details.Lifetime.AsDuration()
+	}
+
+	t.Run("10h", func(t *testing.T) {
+		base, current := extract(t, 10*time.Hour)
+		require.EqualValues(t, time.Hour, base)
+		require.True(t, base-time.Second < current)
+	})
+
+	t.Run("1h", func(t *testing.T) {
+		base, current := extract(t, time.Hour)
+		require.EqualValues(t, time.Hour, base)
+		require.True(t, base-time.Second < current)
+	})
+
+	t.Run("1min", func(t *testing.T) {
+		base, current := extract(t, time.Minute)
+		require.EqualValues(t, time.Minute, base)
+		require.True(t, base-time.Second < current)
+	})
+
+	t.Run("1sec", func(t *testing.T) {
+		base, current := extract(t, time.Second)
+		require.EqualValues(t, time.Minute, base)
+		require.True(t, base-time.Second < current)
+	})
+}

pkg/integrations/authentication_v1.go

@@ -50,6 +50,7 @@ func (a *authenticationV1) Register(cmd *cobra.Command, arg ArgGen) error {
 	f.DurationVar(&a.config.Create.DefaultTTL, arg("token.ttl.default"), pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL")
 	f.DurationVar(&a.config.Create.MinTTL, arg("token.ttl.min"), pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL")
 	f.DurationVar(&a.config.Create.MaxTTL, arg("token.ttl.max"), pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL")
+	f.Uint16Var(&a.config.Create.MaxSize, arg("token.max-size"), pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes")
 	f.StringSliceVar(&a.config.Create.AllowedUsers, arg("token.allowed"), []string{}, "Allowed users for the Token")
 
 	return nil