Notification of about-to-expire status... almost there.

controller/DB.hpp

@@ -35,6 +35,8 @@
 
 #include "../ext/json/json.hpp"
 
+#define ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE 10000
+
 namespace ZeroTier
 {
 

controller/DBMirrorSet.cpp

@@ -240,9 +240,9 @@ void DBMirrorSet::onNetworkMemberDeauthorize(const void *db,uint64_t networkId,u
 	_listener->onNetworkMemberDeauthorize(this,networkId,memberId);
 }
 
-std::vector<std::pair<uint64_t, uint64_t>> DBMirrorSet::membersExpiringSoon()
+std::set< std::pair<uint64_t, uint64_t> > DBMirrorSet::membersExpiringSoon()
 {
-	std::vector<std::pair<uint64_t, uint64_t>> soon;
+	std::set< std::pair<uint64_t, uint64_t> > soon;
 	std::unique_lock<std::mutex> l(_membersExpiringSoon_l);
 	int64_t now = OSUtils::now();
 	for(auto next=_membersExpiringSoon.begin();next!=_membersExpiringSoon.end();) {
@@ -259,11 +259,11 @@ std::vector<std::pair<uint64_t, uint64_t>> DBMirrorSet::membersExpiringSoon()
 					const bool ssoExempt = member["ssoExempt"];
 					const int64_t authenticationExpiryTime = member["authenticationExpiryTime"];
 					if ((authenticationExpiryTime == next->first)&&(authorized)&&(!ssoExempt)) {
-						if ((authenticationExpiryTime - now) > 10000) {
+						if ((authenticationExpiryTime - now) > ZT_MEMBER_AUTH_TIMEOUT_NOTIFY_BEFORE) {
-							// Stop when we get to entries more than 10s in the future.
+							// Stop when we get to entries too far in the future.
 							break;
 						} else {
-							soon.push_back(std::pair<uint64_t, uint64_t>(nwid, memberId));
+							soon.insert(std::pair<uint64_t, uint64_t>(nwid, memberId));
 						}
 					} else {
 						// Obsolete entry, no longer authorized, or SSO exempt.

controller/DBMirrorSet.hpp

@@ -60,7 +60,7 @@ public:
 		_dbs.push_back(db);
 	}
 
-	std::vector<std::pair<uint64_t, uint64_t>> membersExpiringSoon();
+	std::set< std::pair<uint64_t, uint64_t> > membersExpiringSoon();
 	void memberExpiring(int64_t expTime, uint64_t nwid, uint64_t memberId);
 
 private:
@@ -69,7 +69,7 @@ private:
 	std::thread _syncCheckerThread;
 	std::vector< std::shared_ptr< DB > > _dbs;
 	mutable std::mutex _dbs_l;
-	std::multimap< int64_t, std::pair<uint64_t, uint64_t> > _membersExpiringSoon;
+	std::set< std::pair< int64_t, std::pair<uint64_t, uint64_t> > > _membersExpiringSoon;
 	mutable std::mutex _membersExpiringSoon_l;
 };
 

controller/EmbeddedNetworkController.cpp

@@ -1366,17 +1366,21 @@ void EmbeddedNetworkController::_request(
 		std::string memberId = member["id"];
 		fprintf(stderr, "ssoEnabled && !ssoExempt %s-%s\n", nwids, memberId.c_str());
 		uint64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
-		fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
+		if (authenticationExpiryTime > 0) {
-		if (authenticationExpiryTime < now) {
+			fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
-			std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
+			if (authenticationExpiryTime < now) {
-			if (!authenticationURL.empty()) {
+				std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
-				Dictionary<3072> authInfo;
+				if (!authenticationURL.empty()) {
-				authInfo.add("aU", authenticationURL.c_str());
+					Dictionary<3072> authInfo;
-				fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str());
+					authInfo.add("aU", authenticationURL.c_str());
-				DB::cleanMember(member);
+					fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str());
-				_db.save(member,true);
+					DB::cleanMember(member);
-				_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
+					_db.save(member,true);
-				return;
+					_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
+					return;
+				}
+			} else {
+				_db.memberExpiring(authenticationExpiryTime, nwid, identity.address().toInt());
 			}
 		}
 	}