Fix broken time sync leeway with Geo

Previous versions did not properly set the IAT leeway properly, causing many Geo API requests to be marked invalid. The problem was that the ruby-jwt `master` used `iat_leeway` as the parameter, but v1.5.6 actually used `leeway`.

Fix broken time sync leeway with Geo
Previous versions did not properly set the IAT leeway properly, causing many Geo API requests to be marked invalid. The problem was that the ruby-jwt `master` used `iat_leeway` as the parameter, but v1.5.6 actually used `leeway`.
e07793bd · Stan Hu · 9fd5c408 · e07793bd · e07793bd · e07793bd
Commit e07793bd authored Jun 21, 2017 by Stan Hu
3 changed files
--- a/changelogs/unreleased-ee/sh-geo-fix-iat.yml
+++ b/changelogs/unreleased-ee/sh-geo-fix-iat.yml
+---
+title: Fix broken time sync leeway with Geo
+merge_request:
+author:
--- a/lib/gitlab/geo/jwt_request_decoder.rb
+++ b/lib/gitlab/geo/jwt_request_decoder.rb
@@ -41,7 +41,7 @@ module Gitlab
            encoded_message,
            secret,
            true,
-            { iat_leeway: IAT_LEEWAY, verify_iat: true, algorithm: 'HS256' }
+            { leeway: IAT_LEEWAY, verify_iat: true, algorithm: 'HS256' }
          )
          message = decoded.first

--- a/spec/lib/gitlab/geo/jwt_request_decoder_spec.rb
+++ b/spec/lib/gitlab/geo/jwt_request_decoder_spec.rb
@@ -27,10 +27,16 @@ describe Gitlab::Geo::JwtRequestDecoder do
      expect(described_class.new(data).decode).to be_nil
    end
+    it 'successfully decodes when clocks are off by IAT leeway' do
+      subject
+      Timecop.travel(30.seconds.ago) { expect(subject.decode).to eq(data) }
+    end
    it 'returns nil when clocks are not in sync' do
-      allow(JWT).to receive(:decode).and_raise(JWT::InvalidIatError)
+      subject
-      expect(subject.decode).to be_nil
+      Timecop.travel(2.minutes.ago) { expect(subject.decode).to be_nil }
    end
    it 'raises invalid decryption key error' do