From: Bill Erickson
Date: Thu, 31 May 2018 19:12:55 +0000 (-0400)
Subject: LP#1774448 Auth poll spam/timing repairs
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=2a05ce8eb87c23ef4a57119e547b2a25496b9a16;p=evergreen%2Fmasslnc.git

LP#1774448 Auth poll spam/timing repairs

Avoid spamming the server with authentication session checks on bad poll time values. Specifically, never poll more often than once per minute and avoid integer overflow on long authentication timeout values (greater than about 24.8 days) resulting in the poll running with an effective timeout of zero and spamming the server with API calls.

Signed-off-by: Bill Erickson
Signed-off-by: Jason Boyer
---
diff --git a/Open-ILS/web/js/ui/default/staff/services/auth.js b/Open-ILS/web/js/ui/default/staff/services/auth.js
index b93b6b8631..9048a34b78 100644
--- a/Open-ILS/web/js/ui/default/staff/services/auth.js
+++ b/Open-ILS/web/js/ui/default/staff/services/auth.js
@@ -286,6 +286,19 @@ function($q , $timeout , $rootScope , $window , $location , egNet , egHatch) {
 }
 }
+ // add a 5 second delay to give the token plenty of time
+ // to expire on the server.
+ var pollTime = service.authtime() * 1000 + 5000;
+
+ if (pollTime < 60000) {
+ // Never poll more often than once per minute.
+ pollTime = 60000;
+ } else if (pollTime > 2147483647) {
+ // Avoid integer overflow resulting in $timeout() effectively
+ // running with timeout=0 in a loop.
+ pollTime = 2147483647;
+ }
+
 $timeout(
 function() {
 egNet.request(
@@ -304,9 +317,7 @@ function($q , $timeout , $rootScope , $window , $location , egNet , egHatch) {
 }
 })
 },
- // add a 5 second delay to give the token plenty of time
- // to expire on the server.
- service.authtime() * 1000 + 5000
+ pollTime
 );
 }
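Review bot: A non-numeric `service.authtime()` still passes through both clamps in the first hunk. If it returns undefined or an unparsable value, `pollTime` is NaN, both comparisons are false, and browser timers treat a NaN delay as 0, which is the immediate-fire case this commit sets out to prevent. Writing the lower bound as `if (!(pollTime >= 60000)) {` sends NaN to the one-minute floor as well. Whether authtime() can be unset here is not visible, because the enclosing function starts and ends outside the hunk. When the upper clamp applies, the poll runs before the token can have expired, so a short comment that the callback must tolerate a still-valid session would help the next reader.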