fix #5505: clear authCache when pwd changes

2016-02-02 17:50:13 -05:00 · 2016-02-02 17:50:13 -05:00 · efbac5fce2
parent 1c19320e79
commit efbac5fce2
3 changed files with 30 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -37,6 +37,7 @@
 - [#5475](https://github.com/influxdata/influxdb/issues/5475): Ensure appropriate exit code returned for non-interactive use of CLI.
 - [#5479](https://github.com/influxdata/influxdb/issues/5479): Bringing up a node as a meta only node causes panic
 - [#5504](https://github.com/influxdata/influxdb/issues/5475): create retention policy on unexistant DB crash InfluxDB
+- [#5505](https://github.com/influxdata/influxdb/issues/5505): Clear authCache in meta.Client when password changes.

 ## v0.9.6 [2015-12-09]

--- a/services/meta/client.go
+++ b/services/meta/client.go
@ -553,12 +553,20 @@ func (c *Client) UpdateUser(name, password string) error {
 		return err
 	}

-	return c.retryUntilExec(internal.Command_UpdateUserCommand, internal.E_UpdateUserCommand_Command,
+	err = c.retryUntilExec(internal.Command_UpdateUserCommand, internal.E_UpdateUserCommand_Command,
 		&internal.UpdateUserCommand{
 			Name: proto.String(name),
 			Hash: proto.String(string(hash)),
 		},
 	)
+
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if err == nil {
+		delete(c.authCache, name)
+	}
+
+	return err
 }

 func (c *Client) DropUser(name string) error {
--- a/services/meta/service_test.go
+++ b/services/meta/service_test.go
@ -356,6 +356,26 @@ func TestMetaService_CreateUser(t *testing.T) {
 		t.Fatalf("authentication should fail with %s", meta.ErrAuthenticate)
 	}

+	// Change password should succeed.
+	if res := c.ExecuteStatement(mustParseStatement("SET PASSWORD FOR fred = 'moresupersecure'")); res.Err != nil {
+		t.Fatal(res.Err)
+	}
+
+	// Auth for old password should fail
+	u, err = c.Authenticate("fred", "supersecure")
+	if u != nil || err != meta.ErrAuthenticate {
+		t.Fatalf("authentication should fail with %s", meta.ErrAuthenticate)
+	}
+
+	// Auth for new password should succeed.
+	u, err = c.Authenticate("fred", "moresupersecure")
+	if u == nil || err != nil {
+		t.Fatalf("failed to authenticate")
+	}
+	if u.Name != "fred" {
+		t.Fatalf("failed to authenticate")
+	}
+
 	// Auth for unkonwn user should fail
 	u, err = c.Authenticate("foo", "")
 	if u != nil || err != meta.ErrUserNotFound {