Attempt an OAuth2 Refresh on 401 (#3903)

This commit is contained in:
HdroguettA 2023-12-17 20:21:07 +11:00 committed by GitHub
parent e2fdfd2937
commit f24c3583fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -433,9 +433,7 @@ class Monitor extends BeanModel {
if (this.auth_method === "oauth2-cc") { if (this.auth_method === "oauth2-cc") {
try { try {
if (this.oauthAccessToken === undefined || new Date(this.oauthAccessToken.expires_at * 1000) <= new Date()) { if (this.oauthAccessToken === undefined || new Date(this.oauthAccessToken.expires_at * 1000) <= new Date()) {
log.debug("monitor", `[${this.name}] The oauth access-token undefined or expired. Requesting a new one`); this.oauthAccessToken = await this.makeOidcTokenClientCredentialsRequest();
this.oauthAccessToken = await getOidcTokenClientCredentials(this.oauth_token_url, this.oauth_client_id, this.oauth_client_secret, this.oauth_scopes, this.oauth_auth_method);
log.debug("monitor", `[${this.name}] Obtained oauth access-token. Expires at ${new Date(this.oauthAccessToken.expires_at * 1000)}`);
} }
oauth2AuthHeader = { oauth2AuthHeader = {
"Authorization": this.oauthAccessToken.token_type + " " + this.oauthAccessToken.access_token, "Authorization": this.oauthAccessToken.token_type + " " + this.oauthAccessToken.access_token,
@ -1065,18 +1063,35 @@ class Monitor extends BeanModel {
} }
return res; return res;
} catch (e) { } catch (error) {
/**
* Make a single attempt to obtain an new access token in the event that
* the recent api request failed for authentication purposes
*/
if (this.auth_method === "oauth2-cc" && error.response.status === 401 && !finalCall) {
this.oauthAccessToken = await this.makeOidcTokenClientCredentialsRequest();
let oauth2AuthHeader = {
"Authorization": this.oauthAccessToken.token_type + " " + this.oauthAccessToken.access_token,
};
options.headers = { ...(options.headers),
...(oauth2AuthHeader)
};
return this.makeAxiosRequest(options, true);
}
// Fix #2253 // Fix #2253
// Read more: https://stackoverflow.com/questions/1759956/curl-error-18-transfer-closed-with-outstanding-read-data-remaining // Read more: https://stackoverflow.com/questions/1759956/curl-error-18-transfer-closed-with-outstanding-read-data-remaining
if (!finalCall && typeof e.message === "string" && e.message.includes("maxContentLength size of -1 exceeded")) { if (!finalCall && typeof error.message === "string" && error.message.includes("maxContentLength size of -1 exceeded")) {
log.debug("monitor", "makeAxiosRequest with gzip"); log.debug("monitor", "makeAxiosRequest with gzip");
options.headers["Accept-Encoding"] = "gzip, deflate"; options.headers["Accept-Encoding"] = "gzip, deflate";
return this.makeAxiosRequest(options, true); return this.makeAxiosRequest(options, true);
} else { } else {
if (typeof e.message === "string" && e.message.includes("maxContentLength size of -1 exceeded")) { if (typeof error.message === "string" && error.message.includes("maxContentLength size of -1 exceeded")) {
e.message = "response timeout: incomplete response within a interval"; error.message = "response timeout: incomplete response within a interval";
} }
throw e; throw error;
} }
} }
} }
@ -1579,6 +1594,23 @@ class Monitor extends BeanModel {
const parentActive = await Monitor.isParentActive(parent.id); const parentActive = await Monitor.isParentActive(parent.id);
return parent.active && parentActive; return parent.active && parentActive;
} }
/**
* Obtains a new Oidc Token
* @returns {Promise<object>} OAuthProvider client
*/
async makeOidcTokenClientCredentialsRequest() {
log.debug("monitor", `[${this.name}] The oauth access-token undefined or expired. Requesting a new token`);
const oAuthAccessToken = await getOidcTokenClientCredentials(this.oauth_token_url, this.oauth_client_id, this.oauth_client_secret, this.oauth_scopes, this.oauth_auth_method);
if (this.oauthAccessToken?.expires_at) {
log.debug("monitor", `[${this.name}] Obtained oauth access-token. Expires at ${new Date(this.oauthAccessToken?.expires_at * 1000)}`);
} else {
log.debug("monitor", `[${this.name}] Obtained oauth access-token. Time until expiry was not provided`);
}
return oAuthAccessToken;
}
} }
module.exports = Monitor; module.exports = Monitor;