Merge branch 'sh-geo-fix-iat' into 'master'

Fix broken time sync leeway with Geo See merge request !2208

Merge branch 'sh-geo-fix-iat' into 'master'
Fix broken time sync leeway with Geo See merge request !2208
8038cdac · Stan Hu · 9fd5c408 · e07793bd · 8038cdac · 8038cdac
Commit 8038cdac authored Jun 21, 2017 by Stan Hu
3 changed files
--- a/changelogs/unreleased-ee/sh-geo-fix-iat.yml
+++ b/changelogs/unreleased-ee/sh-geo-fix-iat.yml
+---
+title: Fix broken time sync leeway with Geo
+merge_request:
+author:
--- a/lib/gitlab/geo/jwt_request_decoder.rb
+++ b/lib/gitlab/geo/jwt_request_decoder.rb
@@ -41,7 +41,7 @@ module Gitlab
            encoded_message,
            secret,
            true,
-            { iat_leeway: IAT_LEEWAY, verify_iat: true, algorithm: 'HS256' }
+            { leeway: IAT_LEEWAY, verify_iat: true, algorithm: 'HS256' }
          )

          message = decoded.first

--- a/spec/lib/gitlab/geo/jwt_request_decoder_spec.rb
+++ b/spec/lib/gitlab/geo/jwt_request_decoder_spec.rb
@@ -27,10 +27,16 @@ describe Gitlab::Geo::JwtRequestDecoder do
      expect(described_class.new(data).decode).to be_nil
    end

+    it 'successfully decodes when clocks are off by IAT leeway' do
+      subject
+
+      Timecop.travel(30.seconds.ago) { expect(subject.decode).to eq(data) }
+    end
+
    it 'returns nil when clocks are not in sync' do
-      allow(JWT).to receive(:decode).and_raise(JWT::InvalidIatError)
+      subject

-      expect(subject.decode).to be_nil
+      Timecop.travel(2.minutes.ago) { expect(subject.decode).to be_nil }
    end

    it 'raises invalid decryption key error' do