From 8e3140c9d40d06659faaa1055a1c5cacef006787 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Thu, 31 May 2018 15:12:55 -0400 Subject: [PATCH] LP#1774448 Auth poll spam/timing repairs Avoid spamming the server with authentication session checks on bad poll time values. Specifically, never poll more often than once per minute and avoid integer overflow on long authentication timeout values (greater than about 24.8 days) resulting in the poll running with an effective timeout of zero and spamming the server with API calls. Signed-off-by: Bill Erickson Signed-off-by: Jason Boyer --- Open-ILS/web/js/ui/default/staff/services/auth.js | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/Open-ILS/web/js/ui/default/staff/services/auth.js b/Open-ILS/web/js/ui/default/staff/services/auth.js index b93b6b8631..9048a34b78 100644 --- a/Open-ILS/web/js/ui/default/staff/services/auth.js +++ b/Open-ILS/web/js/ui/default/staff/services/auth.js @@ -286,6 +286,19 @@ function($q , $timeout , $rootScope , $window , $location , egNet , egHatch) { } } + // add a 5 second delay to give the token plenty of time + // to expire on the server. + var pollTime = service.authtime() * 1000 + 5000; + + if (pollTime < 60000) { + // Never poll more often than once per minute. + pollTime = 60000; + } else if (pollTime > 2147483647) { + // Avoid integer overflow resulting in $timeout() effectively + // running with timeout=0 in a loop. + pollTime = 2147483647; + } + $timeout( function() { egNet.request( @@ -304,9 +317,7 @@ function($q , $timeout , $rootScope , $window , $location , egNet , egHatch) { } }) }, - // add a 5 second delay to give the token plenty of time - // to expire on the server. - service.authtime() * 1000 + 5000 + pollTime ); } -- 2.11.0