trac 13018: disabling inactive share access #4258
8c1c2e2 to a5cf8b2
@will-moore / @aleksandra-tarkowska : I'd appreciate any additions to this test to reproduce http://trac.openmicroscopy.org/ome/ticket/13018 -- so far, I always get an exception when attempting to access such a share.
@aleksandra-tarkowska Do you want to have a look at this, or should I try to replicate what we were seeing in web?
@will-moore I will write the full test, no worry
@joshmoore done joshmoore#51
Before returning Share subclasses of Session from SessionCache, check that they are active and non-expired. Calls to joinSession now fail with PermissionDeniedException earlier. NB: SessionCache might have been a better location for these checks but it does not have access to an Executor.
@joshmoore @aleksandra-tarkowska: is the
The test tries to do
o_share.setActive(sid, True) | ||
|
||
# test expired share, if member has no access to the image | ||
expiration = long(time.time() * 1000) + 86400 |
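Review bot: on the expiration line the units are mixed: time.time() * 1000 is milliseconds, so + 86400 moves the expiry only about 86 seconds ahead, not the one day that 86400 (seconds per day) suggests. If a day is meant, use + 86400 * 1000 and give the constant a name; also reword the "# test expired share" comment, because the value set here is a future expiry and the share has not expired at this point in the test.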
Is there any relevance to the 86400? It looks like this is setting an expiration date in the future? But that wouldn't then be expired, so I'm confused.
expiration is when the share will expire rather than it has expired. Server-side this is converted into the appropriate setting for timeToLive.
@will-moore there is a need to create new client object and join session, although looks like test was altered losing its main logic, see joshmoore@36647dc#diff-cc72fc55d66d83492366c49e1420fff4R1011.
|
||
if (Boolean.FALSE.equals(active)) { | ||
throw new SecurityViolation(prefix + " is inactive"); | ||
} else if (started.getTime() + timeToLive > System.currentTimeMillis()) { |
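Review bot: in the else-if condition, started.getTime() + timeToLive is a long addition that wraps to a negative value when timeToLive is close to Long.MAX_VALUE, so the comparison against System.currentTimeMillis() gives the wrong answer for such shares. Compare by subtraction instead, System.currentTimeMillis() - started.getTime() < timeToLive, which stays in range for real timestamps. Separately, Boolean.FALSE.equals(active) treats a null active value as active; a short comment should say whether that is intended.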
Share may have no expiry date, see failing test_8118
There's never a null expiry but it is set to Long.MAX_VALUE which is causing an overflow. I'll push a fix for that in just a second.
"Null" expiration values are translated to Long.MAX_VALUE. The previous comparison overflowed to a negative number causing login to fail.
@will-moore, see e42a8ce
OK - apart from minor potential for improving readability of the tests, this is good to merge.
Thanks all, merging.
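The overflow described in the commit message and comments above, as an added example (not OMERO code and not the fix that was pushed): the addition-based comparison from the reviewed hunk beside a subtraction-based one that cannot wrap. The class and method names, the "has expired" message and the sample timestamps are constructed for illustration, and `SecurityException` stands in for the project's `SecurityViolation`.

```java
// Added example, not OMERO code: names and sample values are constructed.
public class ShareExpiryCheck {

    /** Comparison as in the reviewed hunk: the sum wraps for very large TTLs. */
    static boolean isLiveNaive(long startedMs, long ttlMs, long nowMs) {
        return startedMs + ttlMs > nowMs;
    }

    /** Same predicate rearranged: elapsed time stays in range for real clocks. */
    static boolean isLiveSafe(long startedMs, long ttlMs, long nowMs) {
        return nowMs - startedMs < ttlMs;
    }

    /** Gate in the shape of the hunk: reject inactive first, then expired. */
    static void check(String prefix, Boolean active,
                      long startedMs, long ttlMs, long nowMs) {
        if (Boolean.FALSE.equals(active)) {
            throw new SecurityException(prefix + " is inactive");
        }
        if (!isLiveSafe(startedMs, ttlMs, nowMs)) {
            throw new SecurityException(prefix + " has expired"); // hypothetical message
        }
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        long started = now - 60_000L; // share created one minute ago
        // One day, thirty seconds, and the "no expiry" sentinel from the thread.
        long[] ttls = { 86_400_000L, 30_000L, Long.MAX_VALUE };
        for (long ttl : ttls) {
            System.out.printf("ttl=%d naive=%b safe=%b%n", ttl,
                    isLiveNaive(started, ttl, now), isLiveSafe(started, ttl, now));
        }
        try {
            check("Share:1", Boolean.FALSE, started, Long.MAX_VALUE, now);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        check("Share:2", Boolean.TRUE, started, Long.MAX_VALUE, now);
    }
}
```

The two predicates agree for ordinary TTLs and differ only for the `Long.MAX_VALUE` row, where the naive sum wraps negative and a share that should never expire is treated as expired.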
trac 13018: disabling inactive share access
When using joinSession on an inactive share, throw PermissionDenied:
See: https://trac.openmicroscopy.org/ome/ticket/13018#comment:4