Skip to content

Get attestation from ETS or Session now checks for expiry.#13

Merged
k-cross merged 1 commit into
dropbox:mainfrom
idyll:cached-saml-session-expiry
Jan 29, 2024
Merged

Get attestation from ETS or Session now checks for expiry.#13
k-cross merged 1 commit into
dropbox:mainfrom
idyll:cached-saml-session-expiry

Conversation

@idyll

@idyll idyll commented Jan 29, 2024

Copy link
Copy Markdown

A Samly.Assertion cached in ETS or the Session will eventually expire.

Samly.State.Store.get_assertion/3 will return currently expired sessions. This is problematic because the Samly.AuthHandler looks for the cached session and doesn't replace it even if it is expired.

This is further exacerbated by Samly.get_active_assertion/1 returning expired assertions.

To address this I've updated the session and ETS logic to no longer return an expired session.
I contemplated purging ETS based on time, but it's most likely that the session store is being used in production.

@CLAassistant

CLAassistant commented Jan 29, 2024
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@k-cross k-cross merged commit 7637ebe into dropbox:main Jan 29, 2024
k-cross
k-cross reviewed Jan 29, 2024
View reviewed changes

@k-cross k-cross left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed, and thank you for the fix!

@idyll idyll deleted the cached-saml-session-expiry branch January 29, 2024 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@k-cross k-cross k-cross left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@idyll @CLAassistant @k-cross