A race condition invalidateToken while authenticating a request #412

Open
ChangXiaoning opened this issue Jan 9, 2019 · 3 comments

@ChangXiaoning

It is a race in services/keystoneAuth.js.

I want to call the invalidateToken() function to clear currentToken (i.e., set currentToken to null) and then validate other requests using the authenticate() function. Then, the authenticate() function checks whether currentToken is null; if it is null, it will authenticate the request asynchronously, using request(options, cb). However, another asynchronous authenticating request can return at this time, which sets currentToken to req.token and makes currentToken non-null (I have called invalidateToken to set it to null in order to authenticate the following request).

@fgalan
Member

fgalan commented Jan 9, 2019

Thank you for the detailed report!

It seems you have looked at the problem very closely. Maybe it would be a good idea to do a pull request with a proposed fix so we can evaluate it, please? Thanks again!

@AlvaroVega
Member

AlvaroVega commented Jul 28, 2020

But invalidateToken is called by nobody:

function invalidateToken(callback) {

and currentToken is set to null by retrieveRequest functions.

If that currentToken is set to null in the meantime of authenticate and then fail, some retries (3) will be performed and then no race condition effects will matter.

@ChangXiaoning
Author

ChangXiaoning commented Apr 12, 2021

@AlvaroVega Hi, I have a question: you explain that "If that currentToken is set to null in the meantime of authenticate and then fail, some retries (3) will be performed and then no race condition effects will matter". I think the effect in this case is that it wastes some requests (because the useful currentToken is overwritten by null), and the following retries (3) will be performed and retrieve the same useful currentToken. In other words, "waste" means an effect of performance degradation. Thanks again!
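
The interleaving described in this issue, replayed deterministically next to one possible guard (a generation counter). This is an added example, not code from services/keystoneAuth.js or from any participant in the thread; makeTransport, racyCache, guardedCache, replay and peek are hypothetical names, and the guard is not a fix proposed in the thread.

```javascript
// Added example: every name except currentToken, authenticate and invalidateToken is hypothetical.
function makeTransport() {
  const pending = []; // callbacks of in-flight token requests
  const request = (cb) => { pending.push(cb); };          // send; the reply arrives later
  const reply = (i, token) => pending[i](null, token);    // deliver reply number i by hand
  return { request, reply };
}
// Racy cache: a late reply overwrites currentToken even after invalidation.
function racyCache(transport) {
  let currentToken = null;
  return {
    authenticate(cb) {
      if (currentToken) return cb(null, currentToken);
      transport.request((err, token) => { currentToken = token; cb(err, token); });
    },
    invalidateToken() { currentToken = null; },
    peek: () => currentToken,
  };
}
// Guarded cache: invalidation bumps a generation counter, and a reply is
// cached only if no invalidation happened after its request was sent.
function guardedCache(transport) {
  let currentToken = null;
  let generation = 0;
  return {
    authenticate(cb) {
      if (currentToken) return cb(null, currentToken);
      const sentIn = generation;
      transport.request((err, token) => {
        if (err) return cb(err);
        if (sentIn !== generation) return cb(new Error('stale token reply')); // caller retries
        currentToken = token;
        cb(null, token);
      });
    },
    invalidateToken() { currentToken = null; generation += 1; },
    peek: () => currentToken,
  };
}

// Scenario from the issue: request in flight, invalidateToken(), late reply.
function replay(makeCache) {
  const transport = makeTransport();
  const cache = makeCache(transport);
  cache.authenticate(() => {});   // request sent while currentToken is null
  cache.invalidateToken();
  transport.reply(0, 'token-A');  // late reply carrying a constructed token
  return cache.peek();
}
```

replay(racyCache) returns the token that was supposed to be invalidated, while replay(guardedCache) returns null and leaves the caller to retry.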
