jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verify server certificates before returning existing token

Browse Source 
Summary:
If the server certificates have expired, then the returned token will no longer be valid as soon as the certificates are renewed.

So, validate this before returning any existing token.

This was not an issue before, as launching used to be the last step during bootstrapping.

Reviewed By: antonk52

Differential Revision: D48902334

fbshipit-source-id: 2458aa0df806db245994ee742f42bff47a533e23
This commit is contained in:
Lorenzo Blasa
2023-09-01 04:52:09 -07:00
committed by Facebook GitHub Bot
parent 4e7a6a70cc
commit 819c75c126
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
View File

@@ -168,6 +168,7 @@ const ensureServerCertExists = async (): Promise<void> => {
} catch (e) { } catch (e) {
console.warn('Not all certs are valid, generating new ones', e); console.warn('Not all certs are valid, generating new ones', e);
await generateServerCertificate(); await generateServerCertificate();
await generateAuthToken();
} }
}; };
@@ -317,6 +318,12 @@ export const generateAuthToken = async () => {
}; };
export const getAuthToken = async (): Promise<string> => { export const getAuthToken = async (): Promise<string> => {
// Ensure we check for the validity of certificates before
// returning an authentication token.
// If the server certificates have expired, they will need
// to be renewed and will invalidate any existing token.
await ensureServerCertExists();
if (!(await hasAuthToken())) { if (!(await hasAuthToken())) {
return generateAuthToken(); return generateAuthToken();
} }