Clear the accessor index during revocation

vishalnayak 2016-03-08 14:04:20 -05:00
parent c0fb69a8b1
commit a7c97fcd18
1 changed files with 9 additions and 3 deletions


@ -313,11 +313,9 @@ func (ts *TokenStore) createAccessorID(entry *TokenEntry) error {
entry.AccessorID = accessorUUID
// Create salted token and accessor IDs
saltedTokenId := ts.SaltID(entry.ID)
saltedAccessorID := ts.SaltID(entry.AccessorID)
// Create index, mapping the Accessor ID to the Token ID
path := lookupPrefix + saltedTokenId + "/" + saltedAccessorID
path := lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)
le := &logical.StorageEntry{Key: path, Value: []byte(entry.ID)}
if err := ts.view.Put(le); err != nil {
return fmt.Errorf("failed to persist accessor index entry: %v", err)
@ -499,6 +497,14 @@ func (ts *TokenStore) revokeSalted(saltedId string) error {
}
}
// Clear the accessor ID index if any
if entry != nil && entry.AccessorID != "" {
path := lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)
if ts.view.Delete(path); err != nil {
return fmt.Errorf("failed to delete entry: %v", err)
}
}
// Revoke all secrets under this token
if entry != nil {
if err := ts.expiration.RevokeByToken(entry.ID); err != nil {
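Review bot: On the new `if ts.view.Delete(path); err != nil {` line in revokeSalted, the result of `Delete` is discarded and the condition tests an `err` that must come from earlier in the function (outside this hunk), so a failed index deletion goes unnoticed. Since createAccessorID stores the raw token ID as the value of this index entry, a silently failed delete would leave that accessor-to-token mapping in storage after the token is revoked. The line should read `if err := ts.view.Delete(path); err != nil {`, and the message could name the index, e.g. `"failed to delete accessor index entry: %v"`, to match the wording used in createAccessorID. revokeSalted's body starts and ends outside the hunk, so whether returning here should skip the later `RevokeByToken` call needs checking against the full function.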