-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(updater): Stop expiring secret prematurely #49578
base: master
Are you sure you want to change the base?
Conversation
9e53b31
to
232970e
Compare
/backport to stable30 |
/backport to stable29 |
6ee7f8c
to
b77688a
Compare
Signed-off-by: Josh Richards <[email protected]>
b77688a
to
3785f09
Compare
} | ||
|
||
/** | ||
* @param $argument | ||
*/ | ||
protected function run($argument) { | ||
if ($this->config->getSystemValueBool('config_is_read_only')) { | ||
$this->logger->debug('Skipping `updater.secret` reset since config_is_read_only is set', ['app' => 'updatenotification']); | ||
return; | ||
} | ||
|
||
$secretCreated = $this->appConfig->getValueInt('core', 'updater.secret.created', $this->time->getTime()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$secretCreated = $this->appConfig->getValueInt('core', 'updater.secret.created', $this->time->getTime()); | |
$secretCreated = $this->appConfig->getValueInt('core', 'updater.secret.created'); | |
if ($secretCreated === 0) { | |
... |
Should handle the "does not even exist" case.
Or should we even always try the delete of the updater.secret
, when the timestamp is missing?
return; | ||
} | ||
|
||
$secretCreated = $this->appConfig->getValueInt('core', 'updater.secret.created', $this->time->getTime()); | ||
// Delete old tokens after 2 days | ||
if ($secretCreated >= 172800) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What an oversight 🙈
|
||
static::invokePrivate($this->resetTokenBackgroundJob, 'run', [null]); | ||
$this->invokePrivate($this->resetTokenBackgroundJob, 'run', [null]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$this->invokePrivate($this->resetTokenBackgroundJob, 'run', [null]); | |
static::invokePrivate($this->resetTokenBackgroundJob, 'run', [null]); |
Static is the correct/new stuff. $this->invokePrivate
actually generates a warning in IDEs?
Ref ffb3a3e
); | ||
} | ||
|
||
public function testRunWithNotExpiredToken(): void { | ||
public function testRunWithNotExpiredToken(): void { // Affirm if updater.secret.created <48 hours ago then `updater.secret` is left alone |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make the comment part of the function name, so the failing test explains it right away without diving into test code,
Otherwise at least make it a proper doc block above the test case
updater.secret
creation and expiration #45714Summary
#43967 introduced a regression in the handling of the expiration of
updater.secret
. The result is thatupdater.secret
is expired at the next job interval (~10 minutes). If the web Updater takes >10 minutes this prevents it from continuing.updater.secret.created
value when we expire a secretconfig_is_read_only
in theAdminController
ResetToken
background job unit tests to catch the scenario addressed by this PRResetToken
background job unit test coverage in generalAdminController
unit test coverage in generalTODO
static
used in theResetToken
test since it didn't seem to serve a purpose but I may have broken it so may require another look)Checklist