Return data on a token with one use left if there is no Lease ID
Fixes #615
This commit is contained in:
Jeff Mitchell
parent
bd17b74456
commit
94b7be702b
|
|
@ -28,6 +28,8 @@ BUG FIXES:
|
|||
generate them, leading to client errors.
|
||||
* cli: `token-create` now supports the `ttl` parameter in addition to the
|
||||
deprecated `lease` parameter. [GH-688]
|
||||
* core: Return data from `generic` backends on the last use of a limited-use
|
||||
token [GH-615]
|
||||
* core: Fix upgrade path for leases created in `generic` prior to 0.3 [GH-673]
|
||||
* core: Stale leader entries will now be reaped [GH-679]
|
||||
* core: Using `mount-tune` on the auth/token path did not take effect.
|
||||
|
|
|
|||
|
|
@ -447,10 +447,14 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
|
|||
defer func() {
|
||||
// Attempt to use the token (decrement num_uses)
|
||||
// If a secret was generated and num_uses is currently 1, it will be
|
||||
// immediately revoked; in that case, don't return the generated
|
||||
// immediately revoked; in that case, don't return the leased
|
||||
// credentials as they are now invalid.
|
||||
if retResp != nil && te != nil && te.NumUses == 1 && retResp.Secret != nil {
|
||||
retResp = logical.ErrorResponse("Secret cannot be returned; token had one use left, so generated credentials were immediately revoked.")
|
||||
if retResp != nil &&
|
||||
te != nil && te.NumUses == 1 &&
|
||||
retResp.Secret != nil &&
|
||||
// Some backends return a TTL even without a Lease ID
|
||||
retResp.Secret.LeaseID != "" {
|
||||
retResp = logical.ErrorResponse("Secret cannot be returned; token had one use left, so leased credentials were immediately revoked.")
|
||||
}
|
||||
if err := c.tokenStore.UseToken(te); err != nil {
|
||||
c.logger.Printf("[ERR] core: failed to use token: %v", err)
|
||||
|
|
|
|||
Loading…
Reference in New Issue