TykTechnologies / tyk
64%
LAST BUILD BRANCH: v2.9.4.8
DEFAULT BRANCH: master
Repo Added 26 Nov 2014 05:20PM UTC
Files 86
LAST BUILD ON BRANCH fix/2304-jwt-expiration

pending completion
6705

Pull #2310

travis-ci

web-flow
Fix JWT expiration

With code added in #1849 we made JWT keys set expiration on keys (pick
whichever is bigger, either the policy or the token value).

However, this change introduces a bug in the situation when the policy is set to
"Never Expire" (or just lower than the JWT value):
if a JWT key expires, its expiration value gets held in the session value and
never gets overridden, even if the JWT token gets re-issued.

The bug itself consists of two parts.
1) The code which should update the session for an already existing JWT token
gets run ONLY if the policy ID has changed
2) The code above updates only the local session cache, but does not propagate
the change to Redis

This PR fixes both 1) and 2), and adds a test covering this issue.

Fix #2304
Pull Request #2310: Fix JWT expiration

13 of 13 new or added lines in 1 file covered. (100.0%)

11321 of 17746 relevant lines covered (63.79%)

0.71 hits per line

Source Files on fix/2304-jwt-expiration
  • List 0
  • Changed 3
  • Source Changed 1
  • Coverage Changed 3

Recent builds

| Builds | Branch | Commit | Type | Ran | Committer | Via | Coverage |
|---|---|---|---|---|---|---|---|
| 6705 | fix/2304-jwt-expiration | Fix JWT expiration With code added in #1849 we made JWT keys set expiration on keys (pick whatever bigger either policy or token value) However this change introduce bug in situation when policy is set to "Never Expire" (or just lower then J... | Pull #2310 | 27 May 2019 04:43PM UTC | web-flow | travis-ci | pending completion |
| 6704 | fix/2304-jwt-expiration | Fix JWT expiration With code added in #1849 we made JWT keys set expiration on keys (pick whatever bigger either policy or token value) However this change introduce bug in situation when policy is set to "Never Expire" (or just lower then J... | push | 27 May 2019 04:40PM UTC | buger | travis-ci | pending completion |