| -rw-r--r-- | .github/workflows/create_release.yml | 1 | ||||
| -rw-r--r-- | CHANGELOG.md | 12 | ||||
| -rw-r--r-- | src/zenhttp/httpclientauth.cpp | 40 | ||||
| -rw-r--r-- | src/zenhttp/include/zenhttp/httpclientauth.h | 5 |
4 files changed, 44 insertions, 14 deletions
diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml index 167367821..1ea3d2c3d 100644 --- a/.github/workflows/create_release.yml +++ b/.github/workflows/create_release.yml @@ -249,6 +249,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: v${{steps.read_version.outputs.content}} + target_commitish: ${{ github.sha }} body: | ${{steps.read_changelog.outputs.content}} draft: false diff --git a/CHANGELOG.md b/CHANGELOG.md index ba334dfed..bfe72c572 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -71,6 +71,18 @@ - Bugfix: Fixed shutdown event not being cleared after the server process exits in `ZenServerInstance::Shutdown()`, which could cause stale state on reuse - Bugfix: Don't try to wipe .sentry-native folder at missing manifest - sentry is already running. Reduces startup time by ~450 ms when data folder is empty +## 5.7.25 +- Improvement: OIDC token expiry parsing now validates the UTC timezone marker and handles sub-second precision gracefully +- Bugfix: Fixed crash at startup of zen storage server when build store was not enabled (but structured cache was enabled) + +## 5.7.24 +- Improvement: Updated libcurl to 8.19.0 to solve macOS trust issues (https://github.com/curl/curl/issues/20435) +- Bugfix: Authentication callbacks are not thread safe, ensured call sites does single threaded calls +- Bugfix: Retry OIDC token refresh once on failure before propagating the error +- Bugfix: Don't do unattended OIDC token refresh unless explicitly requested +- Bugfix: Don't hide the oidctoken process when fetching tokens in httpprojectstore +- Bugfix: Handle HTTP 501 (Not Implemented) from Jupiter as a signal to fall back from multi-range to single-range requests + ## 5.7.23 - Bugfix: Crash at startup if a log message was emitted before logging is properly initialized diff --git a/src/zenhttp/httpclientauth.cpp b/src/zenhttp/httpclientauth.cpp index 6a3f18b7a..1ebf1f949 100644 --- a/src/zenhttp/httpclientauth.cpp 
+++ b/src/zenhttp/httpclientauth.cpp @@ -142,21 +142,40 @@ namespace zen { namespace httpclientauth { if (JsonError.empty() == false) { - ZEN_WARN("Unable to parse Oidcs json response from {}. Reason: '{}'", AuthTokenPath, JsonError); + ZEN_WARN("Unable to parse OIDC json output file {}. Reason: '{}'", AuthTokenPath, JsonError); return HttpClientAccessToken{}; } std::string Token = Json["Token"].string_value(); std::string ExpiresAtUTCString = Json["ExpiresAtUtc"].string_value(); - ZEN_ASSERT(!ExpiresAtUTCString.empty()); + if (Token.empty()) + { + ZEN_WARN("The 'Token' field in json output file {} is empty", AuthTokenPath); + return HttpClientAccessToken{}; + } + if (ExpiresAtUTCString.empty()) + { + ZEN_WARN("The 'ExpiresAtUtc' field in json output file {} is empty", AuthTokenPath); + return HttpClientAccessToken{}; + } + if (ExpiresAtUTCString.back() != 'Z') + { + ZEN_WARN("The 'ExpiresAtUtc' field '{}' in json output file {} does not end with 'Z'; expected a UTC timestamp", + ExpiresAtUTCString, + AuthTokenPath); + return HttpClientAccessToken{}; + } - int Year = 0; - int Month = 0; - int Day = 0; - int Hour = 0; - int Minute = 0; - int Second = 0; - int Millisecond = 0; - sscanf(ExpiresAtUTCString.c_str(), "%d-%d-%dT%d:%d:%d.%dZ", &Year, &Month, &Day, &Hour, &Minute, &Second, &Millisecond); + int Year = 0; + int Month = 0; + int Day = 0; + int Hour = 0; + int Minute = 0; + int Second = 0; + if (sscanf(ExpiresAtUTCString.c_str(), "%d-%d-%dT%d:%d:%d", &Year, &Month, &Day, &Hour, &Minute, &Second) != 6) + { + ZEN_WARN("Unable to parse ExpiresAtUtc '{}' from json output file {}", ExpiresAtUTCString, AuthTokenPath); + return HttpClientAccessToken{}; + } std::tm Time = { Second, 
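Review bot: The new `sscanf(...) != 6` check accepts any six integers, so out-of-range or negative fields (month 13, hour -1) still reach `timegm`, which normalises such values into a different time rather than failing. A cached expiry that is too late keeps the client presenting a stale bearer token instead of refreshing. I would add a range check right after the parse, reusing the existing warning: `if (Month < 1 || Month > 12 || Day < 1 || Day > 31 || Hour < 0 || Hour > 23 || Minute < 0 || Minute > 59 || Second < 0 || Second > 60) { ZEN_WARN("Unable to parse ExpiresAtUtc '{}' from json output file {}", ExpiresAtUTCString, AuthTokenPath); return HttpClientAccessToken{}; }`. The 'Z' test only looks at the last character, so the text between the seconds and the 'Z' is never inspected; appending `%n` to the format and requiring the remainder to be `Z`, or `.` plus digits plus `Z`, would make the UTC check strict. The function continues outside this hunk, and the next hunk's context shows the `timegm` result being used without a check for -1.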
@@ -169,7 +188,6 @@ namespace zen { namespace httpclientauth { time_t UTCTime = timegm(&Time); HttpClientAccessToken::TimePoint ExpireTime = std::chrono::system_clock::from_time_t(UTCTime); - ExpireTime += std::chrono::milliseconds(Millisecond); return HttpClientAccessToken(fmt::format("Bearer {}"sv, Token), ExpireTime); } diff --git a/src/zenhttp/include/zenhttp/httpclientauth.h b/src/zenhttp/include/zenhttp/httpclientauth.h index f1bccdca6..ce646ebd7 100644 --- a/src/zenhttp/include/zenhttp/httpclientauth.h +++ b/src/zenhttp/include/zenhttp/httpclientauth.h @@ -10,9 +10,8 @@ namespace zen { class AuthMgr; namespace httpclientauth { - - // The std::function<HttpClientAccessToken()> instances returned from these functions are not guarateed to - // be thread safe so caller must make sure they are not called from multiple threads in parallell + // The std::function<HttpClientAccessToken()> instances returned from these functions are not guaranteed to + // be thread safe so caller must make sure they are not called from multiple threads in parallel std::function<HttpClientAccessToken()> CreateFromStaticToken(HttpClientAccessToken Token); |