diff --git a/src/main/java/io/cryostat/net/OpenShiftAuthManager.java b/src/main/java/io/cryostat/net/OpenShiftAuthManager.java index eb1b9d1882..c95477b9ab 100644 --- a/src/main/java/io/cryostat/net/OpenShiftAuthManager.java +++ b/src/main/java/io/cryostat/net/OpenShiftAuthManager.java @@ -315,16 +315,7 @@ public Future validateWebSocketSubProtocol( private Future deleteToken(String token) { try (OpenShiftClient client = clientProvider.apply(getServiceAccountToken())) { String serviceAccountAsOAuthClient = this.getServiceAccountName(); - - // FIXME reuse performTokenReview instead of copying it here - TokenReview review = - new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build(); - review = client.tokenReviews().create(review); - TokenReviewStatus status = review.getStatus(); - if (StringUtils.isNotBlank(status.getError())) { - return CompletableFuture.failedFuture( - new AuthorizationErrorException(status.getError())); - } + TokenReviewStatus status = performTokenReview(token).get(); String uid = status.getUser().getUid(); List userOauthAccessTokens = diff --git a/src/test/java/io/cryostat/net/OpenShiftAuthManagerTest.java b/src/test/java/io/cryostat/net/OpenShiftAuthManagerTest.java index 1285e5dd45..c6072fdd5c 100644 --- a/src/test/java/io/cryostat/net/OpenShiftAuthManagerTest.java +++ b/src/test/java/io/cryostat/net/OpenShiftAuthManagerTest.java @@ -61,6 +61,7 @@ import io.cryostat.net.security.ResourceAction; import io.cryostat.net.security.ResourceType; import io.cryostat.net.security.ResourceVerb; +import io.cryostat.net.UserInfo; import com.google.gson.Gson; import io.fabric8.kubernetes.api.model.authentication.TokenReview; @@ -72,6 +73,7 @@ import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation; import io.fabric8.openshift.api.model.OAuthAccessToken; import io.fabric8.openshift.api.model.OAuthAccessTokenList; +import io.fabric8.openshift.client.DefaultOpenShiftClient; import io.fabric8.openshift.client.OpenShiftClient; import io.fabric8.openshift.client.server.mock.EnableOpenShiftMockClient; import io.fabric8.openshift.client.server.mock.OpenShiftMockServer; @@ -445,7 +447,9 @@ public Void answer(InvocationOnMock args) throws Throwable { @Test void shouldReturnLogoutRedirectUrl() throws Exception { Mockito.when(fs.readFile(Paths.get(Config.KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH))) - .thenReturn(new BufferedReader(new StringReader(SERVICE_ACCOUNT_TOKEN))); + .thenReturn( + new BufferedReader(new StringReader(SERVICE_ACCOUNT_TOKEN)), + new BufferedReader(new StringReader(SERVICE_ACCOUNT_TOKEN))); Mockito.when(fs.readFile(Paths.get(Config.KUBERNETES_NAMESPACE_PATH))) .thenReturn( new BufferedReader(new StringReader(NAMESPACE)), @@ -512,7 +516,9 @@ public Void answer(InvocationOnMock args) throws Throwable { @ValueSource(booleans = {false}) void shouldThrowWhenTokenDeletionFailsOnLogout(Boolean deletionFailure) throws Exception { Mockito.when(fs.readFile(Paths.get(Config.KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH))) - .thenReturn(new BufferedReader(new StringReader(SERVICE_ACCOUNT_TOKEN))); + .thenReturn( + new BufferedReader(new StringReader(SERVICE_ACCOUNT_TOKEN)), + new BufferedReader(new StringReader(SERVICE_ACCOUNT_TOKEN))); Mockito.when(fs.readFile(Paths.get(Config.KUBERNETES_NAMESPACE_PATH))) .thenReturn( new BufferedReader(new StringReader(NAMESPACE)), @@ -692,9 +698,6 @@ private static class TokenProvider implements Function @Override public OpenShiftClient apply(String token) { - if (this.token != null) { - throw new IllegalStateException("Token was already set!"); - } this.token = token; return osc; }