Clear the accessor index during revocation

vishalnayak 2016-03-08 14:04:20 -05:00
parent c0fb69a8b1
commit a7c97fcd18


@ -313,11 +313,9 @@ func (ts *TokenStore) createAccessorID(entry *TokenEntry) error {
entry.AccessorID = accessorUUID entry.AccessorID = accessorUUID
// Create salted token and accessor IDs // Create salted token and accessor IDs
saltedTokenId := ts.SaltID(entry.ID)
saltedAccessorID := ts.SaltID(entry.AccessorID)
// Create index, mapping the Accessor ID to the Token ID // Create index, mapping the Accessor ID to the Token ID
path := lookupPrefix + saltedTokenId + "/" + saltedAccessorID path := lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)
le := &logical.StorageEntry{Key: path, Value: []byte(entry.ID)} le := &logical.StorageEntry{Key: path, Value: []byte(entry.ID)}
if err := ts.view.Put(le); err != nil { if err := ts.view.Put(le); err != nil {
return fmt.Errorf("failed to persist accessor index entry: %v", err) return fmt.Errorf("failed to persist accessor index entry: %v", err)
@ -499,6 +497,14 @@ func (ts *TokenStore) revokeSalted(saltedId string) error {
} }
} }
// Clear the accessor ID index if any
if entry != nil && entry.AccessorID != "" {
path := lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)
if ts.view.Delete(path); err != nil {
return fmt.Errorf("failed to delete entry: %v", err)
}
}
// Revoke all secrets under this token // Revoke all secrets under this token
if entry != nil { if entry != nil {
if err := ts.expiration.RevokeByToken(entry.ID); err != nil { if err := ts.expiration.RevokeByToken(entry.ID); err != nil {
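Review bot: The error returned by `ts.view.Delete(path)` in the added block of revokeSalted is discarded. `if ts.view.Delete(path); err != nil {` runs the call as a bare statement and then tests whatever `err` is already in scope from earlier in the function, which the hunk does not show. A failed delete would therefore go unreported and leave the accessor index entry in storage after revocation; the first hunk shows that entry's value is the token ID (`Value: []byte(entry.ID)`). The line should read `if err := ts.view.Delete(path); err != nil {`, and the message could name what failed, e.g. `"failed to delete accessor index entry: %v"`. revokeSalted starts and ends outside the hunk.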