From a64e573c042957935e4051f6ed0ae2ee8d1ca496 Mon Sep 17 00:00:00 2001
From: hongming <hongming@kubesphere.io>
Date: Thu, 6 Jul 2023 18:04:51 +0800
Subject: [PATCH] fix: enableMultiLogin configuration does not take effect
 (#5819)

---
 pkg/kapis/oauth/handler.go                | 6 +++++-
 pkg/models/auth/token.go                  | 4 +---
 pkg/simple/client/cache/inmemory_cache.go | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkg/kapis/oauth/handler.go b/pkg/kapis/oauth/handler.go
index 2703b2e27..a3e82c35c 100644
--- a/pkg/kapis/oauth/handler.go
+++ b/pkg/kapis/oauth/handler.go
@@ -455,6 +455,11 @@ func (h *handler) passwordGrant(provider, username string, password string, req
 }
 
 func (h *handler) issueTokenTo(user user.Info) (*oauth.Token, error) {
+	if !h.options.MultipleLogin {
+		if err := h.tokenOperator.RevokeAllUserTokens(user.GetName()); err != nil {
+			return nil, err
+		}
+	}
 	accessToken, err := h.tokenOperator.IssueTo(&token.IssueRequest{
 		User:      user,
 		Claims:    token.Claims{TokenType: token.AccessToken},
@@ -471,7 +476,6 @@ func (h *handler) issueTokenTo(user user.Info) (*oauth.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-
 	result := oauth.Token{
 		AccessToken: accessToken,
 		// The OAuth 2.0 token_type response parameter value MUST be Bearer,
diff --git a/pkg/models/auth/token.go b/pkg/models/auth/token.go
index 2edd0ba37..3fb596d85 100644
--- a/pkg/models/auth/token.go
+++ b/pkg/models/auth/token.go
@@ -129,9 +129,7 @@ func (t *tokenOperator) tokenCacheValidate(username, token string) error {
 	if exist, err := t.cache.Exists(key); err != nil {
 		return err
 	} else if !exist {
-		err = errors.New("token not found in cache")
-		klog.V(4).Info(fmt.Errorf("%s: %s", err, token))
-		return err
+		return errors.New("token not found in cache")
 	}
 	return nil
 }
diff --git a/pkg/simple/client/cache/inmemory_cache.go b/pkg/simple/client/cache/inmemory_cache.go
index c784034e6..66313a715 100644
--- a/pkg/simple/client/cache/inmemory_cache.go
+++ b/pkg/simple/client/cache/inmemory_cache.go
@@ -92,7 +92,7 @@ func (s *inMemoryCache) cleanInvalidToken() {
 func (s *inMemoryCache) Keys(pattern string) ([]string, error) {
 	// There is a little difference between go regexp and redis key pattern
 	// In redis, * means any character, while in go . means match everything.
-	pattern = strings.Replace(pattern, "*", ".", -1)
+	pattern = strings.Replace(pattern, "*", ".*", -1)
 
 	re, err := regexp.Compile(pattern)
 	if err != nil {