From 2a05ce8eb87c23ef4a57119e547b2a25496b9a16 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Thu, 31 May 2018 15:12:55 -0400 Subject: [PATCH] LP#1774448 Auth poll spam/timing repairs Avoid spamming the server with authentication session checks on bad poll time values. Specifically, never poll more often than once per minute and avoid integer overflow on long authentication timeout values (greater than about 24.8 days) resulting in the poll running with an effective timeout of zero and spamming the server with API calls. Signed-off-by: Bill Erickson Signed-off-by: Jason Boyer
---
 .../web/js/ui/default/staff/services/auth.js | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/Open-ILS/web/js/ui/default/staff/services/auth.js b/Open-ILS/web/js/ui/default/staff/services/auth.js
index b93b6b8631..9048a34b78 100644
--- a/Open-ILS/web/js/ui/default/staff/services/auth.js
+++ b/Open-ILS/web/js/ui/default/staff/services/auth.js
@@ -286,6 +286,19 @@ function($q , $timeout , $rootScope , $window , $location , egNet , egHatch) {
 }
 }
+ // add a 5 second delay to give the token plenty of time
+ // to expire on the server.
+ var pollTime = service.authtime() * 1000 + 5000;
+
+ if (pollTime < 60000) {
+ // Never poll more often than once per minute.
+ pollTime = 60000;
+ } else if (pollTime > 2147483647) {
+ // Avoid integer overflow resulting in $timeout() effectively
+ // running with timeout=0 in a loop.
+ pollTime = 2147483647;
+ }
+
 $timeout(
 function() {
 egNet.request(
@@ -304,9 +317,7 @@ function($q , $timeout , $rootScope , $window , $location , egNet , egHatch) {
 }
 })
 },
- // add a 5 second delay to give the token plenty of time
- // to expire on the server.
- service.authtime() * 1000 + 5000
+ pollTime
 );
 }
-- 
2.43.2
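Review bot: A non-numeric `service.authtime()` still slips past both clamps in the new `pollTime` block: `undefined * 1000 + 5000` is `NaN`, neither `pollTime < 60000` nor `pollTime > 2147483647` is true for `NaN`, and `$timeout()` would then presumably fire immediately, which is the request loop this patch is meant to stop. Whether `authtime()` can return an unset value is not visible here, so treat that as something to confirm, but the guard is cheap: `if (!(pollTime >= 60000)) {` in place of `if (pollTime < 60000) {` sends `NaN` to the one-minute floor. The two limits would also read better as named constants (for example `MIN_POLL_MS` and `MAX_TIMEOUT_MS`, names constructed here) with a comment that 2147483647 is the largest signed 32-bit delay the timer accepts. The enclosing function starts and ends outside this hunk; the second hunk only passes `pollTime` to `$timeout()` and needs no separate change.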