From efbac5fce25f07b289b6068dd956d43505d05de2 Mon Sep 17 00:00:00 2001
From: David Norton <dgnorton@gmail.com>
Date: Tue, 2 Feb 2016 17:50:13 -0500
Subject: [PATCH] fix #5505: clear authCache when pwd changes

---
 CHANGELOG.md                  |  1 +
 services/meta/client.go       | 10 +++++++++-
 services/meta/service_test.go | 20 ++++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e52ff7554..7ea875f2dd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -37,6 +37,7 @@
 - [#5475](https://github.com/influxdata/influxdb/issues/5475): Ensure appropriate exit code returned for non-interactive use of CLI.
 - [#5479](https://github.com/influxdata/influxdb/issues/5479): Bringing up a node as a meta only node causes panic
 - [#5504](https://github.com/influxdata/influxdb/issues/5475): create retention policy on unexistant DB crash InfluxDB
+- [#5505](https://github.com/influxdata/influxdb/issues/5505): Clear authCache in meta.Client when password changes.
 
 ## v0.9.6 [2015-12-09]
 
diff --git a/services/meta/client.go b/services/meta/client.go
index ad6675b43b..d33d2f5dca 100644
--- a/services/meta/client.go
+++ b/services/meta/client.go
@@ -553,12 +553,20 @@ func (c *Client) UpdateUser(name, password string) error {
 		return err
 	}
 
-	return c.retryUntilExec(internal.Command_UpdateUserCommand, internal.E_UpdateUserCommand_Command,
+	err = c.retryUntilExec(internal.Command_UpdateUserCommand, internal.E_UpdateUserCommand_Command,
 		&internal.UpdateUserCommand{
 			Name: proto.String(name),
 			Hash: proto.String(string(hash)),
 		},
 	)
+
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if err == nil {
+		delete(c.authCache, name)
+	}
+
+	return err
 }
 
 func (c *Client) DropUser(name string) error {
diff --git a/services/meta/service_test.go b/services/meta/service_test.go
index 505b8a660a..45cfb9628f 100644
--- a/services/meta/service_test.go
+++ b/services/meta/service_test.go
@@ -356,6 +356,26 @@ func TestMetaService_CreateUser(t *testing.T) {
 		t.Fatalf("authentication should fail with %s", meta.ErrAuthenticate)
 	}
 
+	// Change password should succeed.
+	if res := c.ExecuteStatement(mustParseStatement("SET PASSWORD FOR fred = 'moresupersecure'")); res.Err != nil {
+		t.Fatal(res.Err)
+	}
+
+	// Auth for old password should fail
+	u, err = c.Authenticate("fred", "supersecure")
+	if u != nil || err != meta.ErrAuthenticate {
+		t.Fatalf("authentication should fail with %s", meta.ErrAuthenticate)
+	}
+
+	// Auth for new password should succeed.
+	u, err = c.Authenticate("fred", "moresupersecure")
+	if u == nil || err != nil {
+		t.Fatalf("failed to authenticate")
+	}
+	if u.Name != "fred" {
+		t.Fatalf("failed to authenticate")
+	}
+
 	// Auth for unkonwn user should fail
 	u, err = c.Authenticate("foo", "")
 	if u != nil || err != meta.ErrUserNotFound {