Don't allow overriding token ID with the same token ID (#2917)

Fixes #2916
hashicorp · Jun 24, 2017 · 33d10f8 · 33d10f8
1 parent a00c9e5
commit 33d10f8
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/vault/token_store.go b/vault/token_store.go
@@ -682,6 +682,12 @@ func (ts *TokenStore) create(entry *TokenEntry) error {
 		entry.ID = entryUUID
 	}
 
+	saltedId := ts.SaltID(entry.ID)
+	exist, _ := ts.lookupSalted(saltedId, true)
+	if exist != nil {
+		return fmt.Errorf("cannot create a token with a duplicate ID")
+	}
+
 	entry.Policies = policyutil.SanitizePolicies(entry.Policies, policyutil.DoNotAddDefaultPolicy)
 
 	err := ts.createAccessor(entry)

diff --git a/vault/token_store_test.go b/vault/token_store_test.go
@@ -465,6 +465,9 @@ func TestTokenStore_CreateLookup_ProvidedID(t *testing.T) {
 	if ent.ID != "foobarbaz" {
 		t.Fatalf("bad: ent.ID: expected:\"foobarbaz\"\n actual:%s", ent.ID)
 	}
+	if err := ts.create(ent); err == nil {
+		t.Fatal("expected error creating token with the same ID")
+	}
 
 	out, err := ts.Lookup(ent.ID)
 	if err != nil {