QRunIO/qqq
2
0
Fork 0
mirror of https://github.com/Kingsrook/qqq.git synced 2025-07-18 13:10:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix chicken-egg session from repeating all-access key values

Browse Source
This commit is contained in:
darin.kelkhoff
2024-05-17 15:59:14 -05:00
parent 425629de52
commit 759972b70c
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/Auth0AuthenticationModule.java
View File

@ -150,10 +150,7 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
////////////////////////////////////////////////////////////////////////////////////////////////////////////
// this is how we allow the actions within this class to work without themselves having a logged-in user. //
////////////////////////////////////////////////////////////////////////////////////////////////////////////
private static QSession chickenAndEggSession = new QSession()
{
};
private static QSession chickenAndEggSession = null;
@ -163,14 +160,29 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
*******************************************************************************/
private QSession getChickenAndEggSession()
{
for(String typeName : QContext.getQInstance().getSecurityKeyTypes().keySet())
if(chickenAndEggSession == null)
{
QSecurityKeyType keyType = QContext.getQInstance().getSecurityKeyType(typeName);
if(StringUtils.hasContent(keyType.getAllAccessKeyName()))
////////////////////////////////////////////////////////////////////////////////
// if the static field is null, then let's make a new session; //
// prime it with all all-access keys; and then set it in the static field. //
// and, if 2 threads get in here at the same time, no real harm will be done, //
// other than creating the session twice, and whoever loses the race, that'll //
// be the one that stays in the field //
////////////////////////////////////////////////////////////////////////////////
QSession newChickenAndEggSession = new QSession();
for(String typeName : QContext.getQInstance().getSecurityKeyTypes().keySet())
{
chickenAndEggSession = chickenAndEggSession.withSecurityKeyValue(keyType.getAllAccessKeyName(), true);
QSecurityKeyType keyType = QContext.getQInstance().getSecurityKeyType(typeName);
if(StringUtils.hasContent(keyType.getAllAccessKeyName()))
{
newChickenAndEggSession.withSecurityKeyValue(keyType.getAllAccessKeyName(), true);
}
}
chickenAndEggSession = newChickenAndEggSession;
}
return (chickenAndEggSession);
}