From 8cae49d5e3182c22aeeca53b41bdd3ac35c4ec19 Mon Sep 17 00:00:00 2001 From: Zak Burke Date: Fri, 10 Nov 2023 14:09:22 -0500 Subject: [PATCH] Revert "STCOR-574 rotate tokens after 80% of their TTL (#1361)" This reverts commit dd718191f9a23572c5e085ab7355408a09bf1b63. --- CHANGELOG.md | 1 - src/service-worker.js | 29 ++--------------------------- src/service-worker.test.js | 29 ++++++++++------------------- 3 files changed, 12 insertions(+), 47 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aaf42baa8..306629454 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,6 @@ * Avoid private path when import `validateUser` function. Refs STCOR-749. * Ensure `` is not cut off when app name is long. Refs STCOR-752. * Use cookies and RTR instead of directly handling the JWT. Refs STCOR-671, FOLIO-3627. -* Shrink the token lifespan so we are less likely to use an expired one. Refs STCOR-754. * Allow console to be preserved on logout. STCOR-761. ## [10.0.0](https://github.com/folio-org/stripes-core/tree/v10.0.0) (2023-10-11) diff --git a/src/service-worker.js b/src/service-worker.js index 34758ac5a..f036a2772 100644 --- a/src/service-worker.js +++ b/src/service-worker.js @@ -62,31 +62,6 @@ const IS_ROTATING_RETRIES = 100; /** how long to wait before rechecking the lock, in milliseconds (100 * 100) === 10 seconds */ const IS_ROTATING_INTERVAL = 100; -/** - * TTL_WINDOW - * How much of a token's TTL can elapse before it is considered expired? - * This helps us avoid a race-like condition where a token expires in the - * gap between when we check whether we think it's expired and when we use - * it to authorize a new request. Say the last RTR response took a long time - * to arrive, so it was generated at 12:34:56 but we didn't process it until - * 12:34:59. That could cause problems if (just totally hypothetically) we - * had an application (again, TOTALLY hypothetically) that was polling every - * five seconds and one of its requests landed in that three-second gap. Oh, - * hey STCOR-754, what are you doing here? - * - * So this is a buffer. Instead of letting a token be used up until the very - * last second of its life, we'll consider it expired a little early. This will - * cause RTR to happen a little early (i.e. a little more frequently) but that - * should be OK since it increases our confidence that when an AT accompanies - * the RTR request it is still valid. - * - * Value is a float, 0 to 1, inclusive. Closer to 0 means more frequent - * rotation; 1 means a token is valid up the very last moment of its TTL. - * 0.8 is just a SWAG at a "likely to be useful" value. Given a 600 second - * TTL (the current default for ATs) it corresponds to 480 seconds. - */ -export const TTL_WINDOW = 0.8; - /** * isValidAT * return true if tokenExpiration.atExpires is in the future @@ -95,7 +70,7 @@ export const TTL_WINDOW = 0.8; */ export const isValidAT = (te) => { if (shouldLog) console.log(`-- (rtr-sw) => at expires ${new Date(te?.atExpires || null).toISOString()}`); - return !!(te?.atExpires * TTL_WINDOW > Date.now()); + return !!(te?.atExpires > Date.now()); }; /** @@ -106,7 +81,7 @@ export const isValidAT = (te) => { */ export const isValidRT = (te) => { if (shouldLog) console.log(`-- (rtr-sw) => rt expires ${new Date(te?.rtExpires || null).toISOString()}`); - return !!(te?.rtExpires * TTL_WINDOW > Date.now()); + return !!(te?.rtExpires > Date.now()); }; /** diff --git a/src/service-worker.test.js b/src/service-worker.test.js index 11c70fb18..3c0592736 100644 --- a/src/service-worker.test.js +++ b/src/service-worker.test.js @@ -8,7 +8,6 @@ import { passThrough, passThroughLogout, rtr, - TTL_WINDOW, } from './service-worker'; // reassign console.log to keep things quiet @@ -26,12 +25,8 @@ afterAll(() => { }); describe('isValidAT', () => { - it('returns true for ATs with 95% or more of their TTL remaining', () => { - expect(isValidAT({ atExpires: (Date.now() / TTL_WINDOW) + 10000 })).toBe(true); - }); - - it('returns false for ATs 5% or less of their TTL remaining', () => { - expect(isValidAT({ atExpires: Date.now() + 1000 })).toBe(false); + it('returns true for valid ATs', () => { + expect(isValidAT({ atExpires: Date.now() + 1000 })).toBe(true); }); it('returns false for expired ATs', () => { @@ -44,12 +39,8 @@ describe('isValidAT', () => { }); describe('isValidRT', () => { - it('returns true for valid RTs', () => { - expect(isValidRT({ rtExpires: (Date.now() / TTL_WINDOW) + 1000 })).toBe(true); - }); - - it('returns false for RTs 5% or less of their TTL remaining', () => { - expect(isValidRT({ rtExpires: Date.now() + 1000 })).toBe(false); + it('returns true for valid ATs', () => { + expect(isValidRT({ rtExpires: Date.now() + 1000 })).toBe(true); }); it('returns false for expired RTs', () => { @@ -127,7 +118,7 @@ describe('isPermissibleRequest', () => { describe('when AT is valid', () => { it('when AT is valid, accepts any endpoint', () => { const req = { url: 'monkey' }; - const te = { atExpires: (Date.now() / TTL_WINDOW) + 1000, rtExpires: (Date.now() / TTL_WINDOW) + 1000 }; + const te = { atExpires: Date.now() + 1000, rtExpires: Date.now() + 1000 }; expect(isPermissibleRequest(req, te, '')).toBe(true); }); }); @@ -304,7 +295,7 @@ describe('passThrough', () => { clone: () => req, } }; - const tokenExpiration = { atExpires: (Date.now() / TTL_WINDOW) + 10000 }; + const tokenExpiration = { atExpires: Date.now() + 10000 }; const response = { ok: true }; global.fetch = jest.fn(() => Promise.resolve(response)); @@ -322,7 +313,7 @@ describe('passThrough', () => { clone: () => req, } }; - const tokenExpiration = { atExpires: (Date.now() / TTL_WINDOW) + 10000 }; + const tokenExpiration = { atExpires: Date.now() + 10000 }; const response = { ok: false, @@ -347,8 +338,8 @@ describe('passThrough', () => { } }; const tokenExpiration = { - atExpires: (Date.now() / TTL_WINDOW) + 1000, // at says it's valid, but ok == false - rtExpires: (Date.now() / TTL_WINDOW) + 1000 + atExpires: Date.now() + 1000, // at says it's valid, but ok == false + rtExpires: Date.now() + 1000 }; const response = 'los alamos'; @@ -382,7 +373,7 @@ describe('passThrough', () => { }; const tokenExpiration = { atExpires: Date.now() - 1000, - rtExpires: (Date.now() / TTL_WINDOW) + 1000 + rtExpires: Date.now() + 1000 }; const response = 'los alamos';