Commit 80fef70b authored by Patricio Cano's avatar Patricio Cano

Merge branch 'lfs-token-race-condition-fix' into 'master'

Fix race condition on LFS Token

## What does this MR do?

 Fixes a race condition that can be triggered if the token expires right after we retrieve it, but before we can set the new expiry time. 

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6551#note_16190569

Thanks for catching this so quickly @jacobvosmaer-gitlab 

cc @DouweM

See merge request !6592
parents c2cc5d34 26678d8e
...@@ -20,13 +20,8 @@ module Gitlab ...@@ -20,13 +20,8 @@ module Gitlab
def token def token
Gitlab::Redis.with do |redis| Gitlab::Redis.with do |redis|
token = redis.get(redis_key) token = redis.get(redis_key)
token ||= Devise.friendly_token(TOKEN_LENGTH)
if token redis.set(redis_key, token, ex: EXPIRY_TIME)
redis.expire(redis_key, EXPIRY_TIME)
else
token = Devise.friendly_token(TOKEN_LENGTH)
redis.set(redis_key, token, ex: EXPIRY_TIME)
end
token token
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment