Don't allow overriding token ID with the same token ID (#2917)

jefferai · web-flow · commit 33d10f83e5d9 · 2017-06-24T01:52:48.000+01:00
Fixes #2916
diff --git a/vault/token_store.go b/vault/token_store.go
@@ -682,6 +682,12 @@ func (ts *TokenStore) create(entry *TokenEntry) error {
 		entry.ID = entryUUID
 	}
 
+	saltedId := ts.SaltID(entry.ID)
+	exist, _ := ts.lookupSalted(saltedId, true)
+	if exist != nil {
+		return fmt.Errorf("cannot create a token with a duplicate ID")
+	}
+
 	entry.Policies = policyutil.SanitizePolicies(entry.Policies, policyutil.DoNotAddDefaultPolicy)
 
 	err := ts.createAccessor(entry)
diff --git a/vault/token_store_test.go b/vault/token_store_test.go
@@ -465,6 +465,9 @@ func TestTokenStore_CreateLookup_ProvidedID(t *testing.T) {
 	if ent.ID != "foobarbaz" {
 		t.Fatalf("bad: ent.ID: expected:\"foobarbaz\"\n actual:%s", ent.ID)
 	}
+	if err := ts.create(ent); err == nil {
+		t.Fatal("expected error creating token with the same ID")
+	}
 
 	out, err := ts.Lookup(ent.ID)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -465,6 +465,9 @@ func TestTokenStore_CreateLookup_ProvidedID(t *testing.T) {`
`465`	`465`	`if ent.ID != "foobarbaz" {`
`466`	`466`	`t.Fatalf("bad: ent.ID: expected:\"foobarbaz\"\n actual:%s", ent.ID)`
`467`	`467`	`}`
	`468`	`+ if err := ts.create(ent); err == nil {`
	`469`	`+ t.Fatal("expected error creating token with the same ID")`
	`470`	`+ }`
`468`	`471`
`469`	`472`	`out, err := ts.Lookup(ent.ID)`
`470`	`473`	`if err != nil {`