Invalidate credentials when expired error is encountered

Closes #80
aws · Mar 19, 2013 · 4d3cf03 · 4d3cf03
1 parent f6a6289
commit 4d3cf03
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/lib/event_listeners.js b/lib/event_listeners.js
@@ -215,6 +215,16 @@ AWS.EventListeners = {
       }
     });
 
+    add('INVALIDATE_CREDENTIALS', 'retry', function INVALIDATE_CREDENTIALS(resp) {
+      switch (resp.error.code) {
+        case 'RequestExpired': // EC2 only
+        case 'ExpiredTokenException':
+        case 'ExpiredToken':
+          resp.error.retryable = true;
+          resp.request.client.config.credentials.expired = true;
+      }
+    });
+
     add('REDIRECT', 'retry', function REDIRECT(resp) {
       if (resp.error && resp.error.statusCode == 307) {
         this.httpRequest.endpoint =

diff --git a/test/event_listeners.spec.coffee b/test/event_listeners.spec.coffee
@@ -239,6 +239,35 @@ describe 'AWS.EventListeners', ->
       expect(response.data).toEqual('foo')
       expect(errorHandler).not.toHaveBeenCalled()
 
+    ['ExpiredToken', 'ExpiredTokenException', 'RequestExpired'].forEach (name) ->
+      it 'invalidates expired credentials and retries', ->
+        spyOn(AWS.HttpClient, 'getInstance')
+        AWS.HttpClient.getInstance.andReturn handleRequest: (req, opts, cb, errCb) ->
+          if req.headers.Authorization.match('Credential=INVALIDKEY')
+            helpers.mockHttpSuccessfulResponse 403, {}, name, cb
+          else
+            helpers.mockHttpSuccessfulResponse 200, {}, 'DATA', cb
+
+        creds =
+          numCalls: 0
+          expired: false
+          accessKeyId: 'INVALIDKEY'
+          secretAccessKey: 'INVALIDSECRET'
+          get: (cb) ->
+            if @expired
+              @numCalls += 1
+              @expired = false
+              @accessKeyId = 'VALIDKEY' + @numCalls
+              @secretAccessKey = 'VALIDSECRET' + @numCalls
+            cb()
+
+        client.config.credentials = creds
+
+        response = makeRequest(->)
+        expect(response.retryCount).toEqual(1)
+        expect(creds.accessKeyId).toEqual('VALIDKEY1')
+        expect(creds.secretAccessKey).toEqual('VALIDSECRET1')
+
   describe 'success', ->
     it 'emits success on a successful response', ->
       # fail every request with a fake networking error