fix: race condition in AuthRefresh that could cause user to be logged out

2020-07-16 10:19:50 +02:00
parent 11e01ca163
commit bf0945eaef
3 changed files with 6 additions and 0 deletions
--- a/pkg/pmapi/auth.go
+++ b/pkg/pmapi/auth.go
@ -357,6 +357,9 @@ func (c *client) Auth2FA(twoFactorCode string, auth *Auth) (*Auth2FA, error) {

 // AuthRefresh will refresh an expired access token.
 func (c *client) AuthRefresh(uidAndRefreshToken string) (auth *Auth, err error) {
+	c.refreshLocker.Lock()
+	defer c.refreshLocker.Unlock()
+
 	// If we don't yet have a saved access token, save this one in case the refresh fails!
 	// That way we can try again later (see handleUnauthorizedStatus).
 	c.cm.setTokenIfUnset(c.userID, uidAndRefreshToken)