From 8eb602152532aa886ce8cd96198147430233a59d Mon Sep 17 00:00:00 2001
From: Jim
Date: Wed, 14 Apr 2021 20:35:06 -0500
Subject: [PATCH] Oauth quickfix (#1437)
* quick fix for oauth
* fix log
---
 crm-platforms/vcd/vcd-agw-sim/vcd-agw-sim.go | 6 ++---
 crm-platforms/vcd/vcd-security.go | 24 +++++++++++++++++---
 crm-platforms/vcd/vcd-sgw-sim/vcd-sgw-sim.go | 7 +++++-
 3 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/crm-platforms/vcd/vcd-agw-sim/vcd-agw-sim.go b/crm-platforms/vcd/vcd-agw-sim/vcd-agw-sim.go
index 92756c7da..05b80e75d 100644
--- a/crm-platforms/vcd/vcd-agw-sim/vcd-agw-sim.go
+++ b/crm-platforms/vcd/vcd-agw-sim/vcd-agw-sim.go
@@ -46,13 +46,13 @@ func doApi(w http.ResponseWriter, r *http.Request) {
 token := r.Header.Get("Authorization")
 stoken := strings.Split(token, "Bearer")
 if len(stoken) != 2 {
- log.Printf("Bad access token: %s", token)
+ log.Printf("Bad access token, no bearer: %s", token)
 w.WriteHeader(http.StatusBadRequest)
 return
 }
 tokval := strings.TrimSpace(stoken[1])
- if tokval != "simulatoraccesstoken" {
- log.Printf("Bad access token: %s", tokval)
+ if !strings.HasPrefix(tokval, "simulatoraccesstoken") {
+ log.Printf("Bad access token, wrong value: %s", tokval)
 w.WriteHeader(http.StatusUnauthorized)
 return
 }
diff --git a/crm-platforms/vcd/vcd-security.go b/crm-platforms/vcd/vcd-security.go
index 6ad86cd2e..71640b900 100644
--- a/crm-platforms/vcd/vcd-security.go
+++ b/crm-platforms/vcd/vcd-security.go
@@ -32,6 +32,8 @@ type vcdClientInfo struct {
 var cloudletClients map[edgeproto.CloudletKey]*vcdClientInfo
 var cloudletClientLock sync.Mutex
+var maxOauthTokenReadyTime = time.Second * 60
+
 // vcd security related operations
 func init() {
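Review bot: The new `strings.HasPrefix(tokval, "simulatoraccesstoken")` check at the second changed `if` accepts any value that merely starts with that prefix, and the rejection log on the next line prints the presented token in full; both are probably intended for a simulator, but the looser match should be stated so it is not mistaken for what the real gateway does. Suggest a comment above the check, `// simulator only: the sgw sim issues "simulatoraccesstoken-<n>"; any suffix is accepted and issued tokens are not tracked`, and `%q` instead of `%s` in the two changed log lines so an empty or whitespace-only token is visible in the log. doApi's body continues outside the hunk.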
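Review bot: `maxOauthTokenReadyTime` is declared as a mutable package-level `var` with no doc comment, although nothing in this patch writes to it after initialization; unless something outside the diff overrides it (tests, for instance), a `const` with a comment states the intent better, e.g. `// maxOauthTokenReadyTime bounds how long GetClient keeps retrying the vcd session login after a freshly issued oauth token.` followed by `const maxOauthTokenReadyTime = 60 * time.Second`. The 3-second retry interval it pairs with is hard-coded inside the GetClient hunk below; declaring it next to this value (`oauthTokenRetryInterval = 3 * time.Second`) keeps the two tunables together. The hunk ends at the `init()` signature; its body is outside the diff.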
@@ -210,6 +212,7 @@ func (v *VcdPlatform) GetClient(ctx context.Context, creds *VcdConfigParams) (cl
 if creds.OauthAgwUrl != "" {
 apiUrl = creds.OauthAgwUrl
 }
+ newOauthToken := false
 u, err := url.ParseRequestURI(apiUrl)
 if err != nil {
 return nil, fmt.Errorf("Unable to parse request to org %s at %s err: %s", creds.Org, creds.VcdApiUrl, err)
@@ -277,6 +280,7 @@ func (v *VcdPlatform) GetClient(ctx context.Context, creds *VcdConfigParams) (cl
 delete(cloudletClients, *v.vmProperties.CommonPf.PlatformConfig.CloudletKey)
 return nil, fmt.Errorf("failed oauth response %s at %s err: %s", creds.Org, creds.OauthSgwUrl, err)
 }
+ newOauthToken = true
 }
 clientInfo.lastUpdateTime = time.Now()
 }
@@ -285,9 +289,23 @@ func (v *VcdPlatform) GetClient(ctx context.Context, creds *VcdConfigParams) (cl
 return nil, fmt.Errorf("CopyClient failed - %v", err)
 }
 // always refresh the vcd session token
- _, err = clientCopy.GetAuthResponse(creds.User, creds.Password, creds.Org)
- if err != nil {
- log.SpanLog(ctx, log.DebugLevelInfra, "Unable to login to org", "org", creds.Org, "err", err)
+ start := time.Now()
+ for {
+ _, err = clientCopy.GetAuthResponse(creds.User, creds.Password, creds.Org)
+ if err == nil {
+ break
+ }
+ log.SpanLog(ctx, log.DebugLevelInfra, "Error logging into org", "org", creds.Org, "err", err)
+ if newOauthToken {
+ // if we just got a new oauth token, it may not be ready for us to use. Give
+ // it a little time. This is a workaround pending a more complete fix.
+ elapsed := time.Since(start)
+ if elapsed < maxOauthTokenReadyTime {
+ log.SpanLog(ctx, log.DebugLevelInfra, "sleeping 3 seconds to retry oauth token", "org", creds.Org, "err", err)
+ time.Sleep(3 * time.Second)
+ continue
+ }
+ }
 delete(cloudletClients, *v.vmProperties.CommonPf.PlatformConfig.CloudletKey)
 return nil, fmt.Errorf("failed oauth response %s at %s err: %s", creds.Org, creds.OauthSgwUrl, err)
 }
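Review bot: The retry loop added after `// always refresh the vcd session token` sleeps with `time.Sleep(3 * time.Second)` and never consults `ctx`, so a cancelled caller still waits up to `maxOauthTokenReadyTime` (plus the duration of the last `GetAuthResponse` call, since `elapsed` is only examined after a failure); if `cloudletClientLock` is held at this point — GetClient starts outside the hunk, so I cannot tell — every other caller is blocked for that long too. The loop also retries on every login error, not only the token-not-ready case the comment describes, which means a wrong `creds.Password` is re-presented to the org roughly twenty times within a minute; if the error returned by `GetAuthResponse` lets you tell the cases apart, the retry should be limited to the transient one. Replacing the sleep with a `select` on `ctx.Done()` keeps the existing delete/return cleanup path. `newOauthToken` is set in the -277 hunk above; the -210 hunk only declares it.
```go
			if elapsed < maxOauthTokenReadyTime {
				log.SpanLog(ctx, log.DebugLevelInfra, "sleeping 3 seconds to retry oauth token", "org", creds.Org, "err", err)
				select {
				case <-ctx.Done():
					// caller gave up; fall through to the delete/return below
					err = ctx.Err()
				case <-time.After(3 * time.Second):
					continue
				}
			}
		}
		// … unchanged: delete(cloudletClients, …) and the failed-oauth return …
```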
diff --git a/crm-platforms/vcd/vcd-sgw-sim/vcd-sgw-sim.go b/crm-platforms/vcd/vcd-sgw-sim/vcd-sgw-sim.go
index 3e6011ec4..8f0fb19e9 100644
--- a/crm-platforms/vcd/vcd-sgw-sim/vcd-sgw-sim.go
+++ b/crm-platforms/vcd/vcd-sgw-sim/vcd-sgw-sim.go
@@ -15,6 +15,8 @@ import (
 "github.com/mobiledgex/edge-cloud-infra/crm-platforms/vcd"
 )
+var currTokenNum uint32 = 1
+
 var (
 port = flag.Int("port", 8443, "listen port")
 expiresin = flag.Int("expiresin", 28800, "expires in seconds")
@@ -90,16 +92,19 @@ func getToken(w http.ResponseWriter, r *http.Request) {
 log.Println("doing getToken")
 code := validateRequest(r)
 if code != http.StatusOK {
+ log.Printf("request validation failed - code: %d", code)
+ w.WriteHeader(code)
 return
 }
 tokenResponse := vcd.TokenResponse{
- AccessToken: "simulatoraccesstoken",
+ AccessToken: fmt.Sprintf("simulatoraccesstoken-%d", currTokenNum),
 TokenType: "Bearer",
 ExpiresIn: *expiresin,
 Scope: "openid account.read customer.read customer.accounts.read",
 IdToken: "aaaaaaaa.bbbbbbbb.cccccccc",
 }
+ currTokenNum++
 byt, _ := json.Marshal(tokenResponse)
 log.Printf("<===== Sent response: %v\n", tokenResponse)
 w.Write(byt)
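Review bot: `currTokenNum++` after the `tokenResponse` literal is an unsynchronised read-modify-write of the package-level counter declared in the first hunk (`var currTokenNum uint32 = 1`), and `net/http` runs `getToken` concurrently, so two simultaneous token requests can be issued the same number — a data race, not just a cosmetic duplicate. Start the counter at zero and take the value atomically: `var currTokenNum uint32` in the first hunk, then `n := atomic.AddUint32(&currTokenNum, 1)` before the literal and `AccessToken: fmt.Sprintf("simulatoraccesstoken-%d", n),` inside it, dropping the `currTokenNum++` line; this needs `sync/atomic` in the import block, whose start is outside the hunk. The `json.Marshal` error is still discarded on the following line, which predates this change. getToken's end is outside the hunk as shown.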