From c9c5911170b728acfae2378220984aa4494695d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Budai?= <ondrej@budai.cz>
Date: Wed, 29 Jun 2022 10:24:24 +0200
Subject: [PATCH] builder: always refresh OAuth token after getting 401

See the comment inline
---
 plugins/builder/osbuild.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/plugins/builder/osbuild.py b/plugins/builder/osbuild.py
index 3853fc0..8cd4a60 100644
--- a/plugins/builder/osbuild.py
+++ b/plugins/builder/osbuild.py
@@ -352,9 +352,9 @@ def oauth_init(self, client_id: str, secret: str, token_url: str):
         oauth = OAuth2(client_id, secret, token_url)
         self.http.auth = oauth
 
-    def oauth_check(self) -> bool:
+    def oauth_check(self, force_new_token: bool = False) -> bool:
         auth = self.http.auth
-        if auth and auth.token_expired:
+        if auth and (auth.token_expired or force_new_token):
             auth.fetch_token(self.http)
             return True
 
@@ -365,7 +365,13 @@ def request(self, method: str, url: str, js: Optional[Dict] = None):
         self.oauth_check()
         res = self.http.request(method, url, json=js)
 
-        if res.status_code == 401 and self.oauth_check():
+        # If 401 is returned, check if oauth is enabled. If it is, get
+        # a new access token and then retry the request.
+        # This is needed because even though we always send the request when
+        # the token is still usable, it might arrive to the server when it's
+        # already invalid. This retrying mechanism serves as the last resort
+        # attempt to get the request through.
+        if res.status_code == 401 and self.oauth_check(True):
             res = self.http.request(method, url, json=js)
 
         return res