From b8075668a426ed5f02f37f34f1abefea1a202c3e Mon Sep 17 00:00:00 2001 From: chrislu Date: Sun, 24 Aug 2025 18:27:50 -0700 Subject: [PATCH] fix: clean up remaining session store references and test dependencies Remove any remaining SessionStore interface definitions and fix test configurations to work with the new stateless architecture. --- weed/iam/sts/sts_service.go | 10 +++++----- weed/iam/sts/sts_service_test.go | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/weed/iam/sts/sts_service.go b/weed/iam/sts/sts_service.go index de1aee9f2..ec27c5c96 100644 --- a/weed/iam/sts/sts_service.go +++ b/weed/iam/sts/sts_service.go @@ -370,7 +370,7 @@ func (s *STSService) AssumeRoleWithWebIdentity(ctx context.Context, request *Ass }, nil } -// AssumeRoleWithCredentials assumes a role using username/password credentials +// AssumeRoleWithCredentials assumes a role using username/password credentials // This method is now completely stateless - all session information is embedded in the JWT token func (s *STSService) AssumeRoleWithCredentials(ctx context.Context, request *AssumeRoleWithCredentialsRequest) (*AssumeRoleResponse, error) { if !s.initialized { @@ -483,7 +483,7 @@ func (s *STSService) RevokeSession(ctx context.Context, sessionToken string) err return fmt.Errorf("session token cannot be empty") } - // Validate JWT token format + // Validate JWT token format _, err := s.tokenGenerator.ValidateJWTWithClaims(sessionToken) if err != nil { return fmt.Errorf("invalid session token format: %w", err) @@ -492,7 +492,7 @@ func (s *STSService) RevokeSession(ctx context.Context, sessionToken string) err // In a stateless system, we cannot revoke JWT tokens without a blacklist // The token will naturally expire based on its embedded expiration time glog.V(1).Infof("Session revocation requested for stateless token - token will expire naturally at its embedded expiration time") - + return nil } @@ -634,7 +634,7 @@ func (s *STSService) ExpireSessionForTesting(ctx context.Context, sessionToken s return fmt.Errorf("session token cannot be empty") } - // Validate JWT token format + // Validate JWT token format _, err := s.tokenGenerator.ValidateJWTWithClaims(sessionToken) if err != nil { return fmt.Errorf("invalid session token format: %w", err) @@ -643,6 +643,6 @@ func (s *STSService) ExpireSessionForTesting(ctx context.Context, sessionToken s // In a stateless system, we cannot manually expire JWT tokens // The token expiration is embedded in the token itself and handled by JWT validation glog.V(1).Infof("Manual session expiration requested for stateless token - cannot expire JWT tokens manually") - + return fmt.Errorf("manual session expiration not supported in stateless JWT system") } diff --git a/weed/iam/sts/sts_service_test.go b/weed/iam/sts/sts_service_test.go index f4c61acc0..fc4df102c 100644 --- a/weed/iam/sts/sts_service_test.go +++ b/weed/iam/sts/sts_service_test.go @@ -307,11 +307,11 @@ func setupTestSTSService(t *testing.T) *STSService { service := NewSTSService() config := &STSConfig{ - TokenDuration: time.Hour, - MaxSessionLength: time.Hour * 12, - Issuer: "test-sts", - SigningKey: []byte("test-signing-key-32-characters-long"), - SessionStoreType: "memory", // Use memory store for unit tests + TokenDuration: time.Hour, + MaxSessionLength: time.Hour * 12, + Issuer: "test-sts", + SigningKey: []byte("test-signing-key-32-characters-long"), + SessionStoreType: "memory", // Use memory store for unit tests } err := service.Initialize(config)