diff --git a/arangod/Auth/TokenCache.cpp b/arangod/Auth/TokenCache.cpp
index dda4ecd444..824869553a 100644
--- a/arangod/Auth/TokenCache.cpp
+++ b/arangod/Auth/TokenCache.cpp
@@ -173,32 +173,28 @@ auth::TokenCache::Entry auth::TokenCache::checkAuthenticationBasic(
 auth::TokenCache::Entry auth::TokenCache::checkAuthenticationJWT(
 std::string const& jwt) {
- try {
- // note that we need the write lock here because it is an LRU
- // cache. reading from it will move the read entry to the start of
- // the cache's linked list. so acquiring just a read-lock is
- // insufficient!!
+ // note that we need the write lock here because it is an LRU
+ // cache. reading from it will move the read entry to the start of
+ // the cache's linked list. so acquiring just a read-lock is
+ // insufficient!!
+ {
 WRITE_LOCKER(writeLocker, _jwtLock);
 // intentionally copy the entry from the cache
- auth::TokenCache::Entry const& entry = _jwtCache.get(jwt);
- // would have thrown if not found
- if (entry.expired()) {
- try {
+ auth::TokenCache::Entry const* entry = _jwtCache.get(jwt);
+ if (entry != nullptr) {
+ // would have thrown if not found
+ if (entry->expired()) {
 _jwtCache.remove(jwt);
- } catch (std::range_error const&) {
+ LOG_TOPIC(TRACE, Logger::AUTHENTICATION) << "JWT Token expired";
+ return auth::TokenCache::Entry::Unauthenticated();
 }
- LOG_TOPIC(TRACE, Logger::AUTHENTICATION) << "JWT Token expired";
- return auth::TokenCache::Entry::Unauthenticated();
+ if (_userManager != nullptr) {
+ // LDAP rights might need to be refreshed
+ _userManager->refreshUser(entry->username());
+ }
+ return *entry;
 }
- if (_userManager != nullptr) {
- // LDAP rights might need to be refreshed
- _userManager->refreshUser(entry.username());
- }
- return entry;
- } catch (std::range_error const&) {
- // mop: not found
 }
-
 std::vector const parts = StringUtils::split(jwt, '.');
 if (parts.size() != 3) {
 LOG_TOPIC(TRACE, arangodb::Logger::AUTHENTICATION)
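Review bot: Two comments carried into the new lookup block no longer describe the code: `// would have thrown if not found` sits under the `entry != nullptr` check although `get()` now returns a null pointer instead of throwing, and `// intentionally copy the entry from the cache` sits above a pointer into the cache. I would drop the first and replace the second with `// entry points into _jwtCache and is only valid while _jwtLock is held; it is copied out by 'return *entry'`. The lifetime is worth spelling out because `entry` dangles after `_jwtCache.remove(jwt)` in the expired branch; the current code does not touch it afterwards, but a later edit that reads the entry there (say, to log the user name) would read freed memory on the authentication path. The body of checkAuthenticationJWT continues past the end of this hunk.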
@@ -224,16 +220,16 @@ auth::TokenCache::Entry auth::TokenCache::checkAuthenticationJWT(
 return auth::TokenCache::Entry::Unauthenticated();
 }
- auth::TokenCache::Entry entry = validateJwtBody(body);
- if (!entry._authenticated) {
+ auth::TokenCache::Entry newEntry = validateJwtBody(body);
+ if (!newEntry._authenticated) {
 LOG_TOPIC(TRACE, arangodb::Logger::AUTHENTICATION)
 << "Couldn't validate jwt body " << body;
 return auth::TokenCache::Entry::Unauthenticated();
 }
 WRITE_LOCKER(writeLocker, _jwtLock);
- _jwtCache.put(jwt, entry);
- return entry;
+ _jwtCache.put(jwt, newEntry);
+ return newEntry;
 }
 std::shared_ptr auth::TokenCache::parseJson(
diff --git a/lib/Basics/LruCache.h b/lib/Basics/LruCache.h
index d0f94f9e16..b708b52001 100644
--- a/lib/Basics/LruCache.h
+++ b/lib/Basics/LruCache.h
@@ -88,23 +88,24 @@ class LruCache {
 }
 }
- const value_t& get(const key_t& key) {
+ value_t const* get(const key_t& key) {
 auto it = _cache_items_map.find(key);
 if (it == _cache_items_map.end()) {
- throw std::range_error("There is no such key in cache");
+ return nullptr;
 } else {
 _cache_items_list.splice(_cache_items_list.begin(), _cache_items_list, it->second);
- return it->second->second;
+ return &it->second->second;
 }
 }
- void remove(key_t const& key) {
+ bool remove(key_t const& key) {
 auto it = _cache_items_map.find(key);
 if (it == _cache_items_map.end()) {
- throw std::range_error("There is no such key in cache");
+ return false;
 } else {
 _cache_items_list.erase(it->second);
 _cache_items_map.erase(it);
+ return true;
 }
 }
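Review bot: In lib/Basics/LruCache.h, `get()` now hands out a raw pointer to the value stored in the list node, and nothing on the method says how long that pointer stays valid. `remove()` erases the node in this same hunk, and an insertion that evicts would presumably do the same, so the pointer must not outlive the next mutating call or the caller's lock. I would add a comment above `get()`, for example `/// Returns a pointer to the cached value, or nullptr if the key is absent; the pointer is invalidated by remove() (and possibly by put()), and get() itself reorders the list, so callers need exclusive access`. Callers outside this diff that still wrap `remove()` in `catch (std::range_error const&)` will compile unchanged but the handler is now dead, so they are worth a grep. The class body starts before and continues after this hunk.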