From a569060d59ee5ba9507038e0c3cd0d90956b4217 Mon Sep 17 00:00:00 2001
From: John Olav Lund
Date: Wed, 11 Dec 2024 10:02:14 +0100
Subject: [PATCH] fix: Resend the inventory when the device has reauthenticated

When using mutual TLS authentication the devices are authenticated by the gateway and will be automatically authorized in the server. This reauthentication happens without posting any error codes to the callback when polling for new deployments. Need to instead explcitly check if the device has reauthenticated and clear the inventory cache if that's the case.
Ticket: MEN-7820
Changelog: None
Signed-off-by: John Olav Lund
---
 src/api/client.cpp | 1 +
 src/api/client.hpp | 9 +++++++++
 src/mender-update/daemon/states.cpp | 7 ++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/api/client.cpp b/src/api/client.cpp
index 170764857..b6ff747af 100644
--- a/src/api/client.cpp
+++ b/src/api/client.cpp
@@ -87,6 +87,7 @@ error::Error HTTPClient::AsyncCall(
 });
 return;
 }
+ reauthenticated_ = true;
 };
 return authenticator_.WithToken(
diff --git a/src/api/client.hpp b/src/api/client.hpp
index d44191c18..f626ee052 100644
--- a/src/api/client.hpp
+++ b/src/api/client.hpp
@@ -79,10 +79,19 @@ class HTTPClient : public Client {
 authenticator_.ExpireToken();
 }
+ bool HasReauthenticated() {
+ return reauthenticated_;
+ }
+
+ void SetReauthenticated(bool reauthenticated) {
+ reauthenticated_ = reauthenticated;
+ }
+
 private:
 events::EventLoop &event_loop_;
 http::Client http_client_;
 auth::Authenticator &authenticator_;
+ bool reauthenticated_ {false};
 };
 } // namespace api
diff --git a/src/mender-update/daemon/states.cpp b/src/mender-update/daemon/states.cpp
index d157d3ec4..dcead5b89 100644
--- a/src/mender-update/daemon/states.cpp
+++ b/src/mender-update/daemon/states.cpp
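Review bot: `reauthenticated_ = true;` in `src/api/client.cpp` is set inside what looks like a callback closed by the `};` just before `return authenticator_.WithToken(`, and nothing in this file says who is expected to reset it. The start of that callback and its capture list are outside the hunk, so it is worth confirming that the `HTTPClient` object cannot be destroyed while the token request is still pending, because the write goes through the captured object. I would add a comment on the assignment, for example `// Cleared by the daemon once it has invalidated the inventory cache.`, so the flag's lifecycle can be read here.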
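Review bot: `HasReauthenticated()` in `src/api/client.hpp` only reads the member and should be declared `bool HasReauthenticated() const {`. Splitting the check and the reset into a getter plus `SetReauthenticated(false)` leaves the check-and-clear sequence to every caller; a single consuming accessor, for example `bool ConsumeReauthenticated() { return std::exchange(reauthenticated_, false); }` (needs `<utility>`), would keep it in one place. `reauthenticated_` is a plain `bool`, which is sound only if every access happens on the event loop thread, so a short comment on the member stating that assumption would help. The class body starts outside this hunk.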
@@ -190,7 +190,12 @@ void PollForDeploymentState::OnEnter(Context &ctx, sm::EventPoster &
 } else if (!response.value()) {
 log::Info("No update available");
 poster.PostEvent(StateEvent::NothingToDo);
-
+ if (ctx.http_client.HasReauthenticated()) {
+ log::Debug("Client has reauthenticated, clear inventory data cache");
+ ctx.inventory_client->ClearDataCache();
+ ctx.has_submitted_inventory = false;
+ ctx.http_client.SetReauthenticated(false);
+ }
 if (not ctx.has_submitted_inventory) {
 // If we have not submitted inventory successfully at least
 // once, schedule this after receiving a successful response
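Review bot: The reauthentication check runs only in the `!response.value()` branch, so after a poll that finds a deployment or fails, the flag stays set and the inventory cache is not cleared until a later poll reports "No update available". The other branches of `OnEnter` are outside this hunk, so this may be intended, but it deserves a comment. The block also runs after `poster.PostEvent(StateEvent::NothingToDo);`; if `PostEvent` can dispatch synchronously, the next state would see the stale `has_submitted_inventory`, and moving the block above the `PostEvent` call removes that dependency. Any successful token refresh sets the flag, so each one forces a full inventory resend, which is worth stating in a comment next to `ClearDataCache()`.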