Skip to content

Commit a324c8b

Browse files
committed
fix: restore CAS lck retry to 3x with 60s timeouts
A prior 'docs: update readme' commit (e3c2bde) silently regressed the CAS-lck extraction loop — reduced attempts from 3 to 2, timeouts from 60s to 15s/10s, and dropped the per-retry print. That undid the fix in dae2514 and caused 'Failed to extract lck from CAS redirect chain' on every Actions run. Restoring the original retry shape and bumping the inter-attempt sleep to 3s. The /login early-exit (skipping the heavy login page when WebVPN bounces us back) is kept — it just makes the failed inner pass exit faster so the next outer attempt can run.
1 parent bc3e40f commit a324c8b

1 file changed

Lines changed: 13 additions & 8 deletions

File tree

src/api/webvpn.py

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -199,20 +199,25 @@ def authenticate_icourse(
199199
vpn_url = get_vpn_url(casapi_url)
200200

201201
# Follow redirect chain to reach IDP login page and extract lck.
202-
# One fast retry handles transient CAS 200 responses; if it still
203-
# fails, let login_with_retry() do a full WebVPN re-login instead.
202+
# The CAS gateway intermittently returns a 200 interstitial or
203+
# bounces back to WebVPN's own /login (cookie not yet effective
204+
# for the casapi vhost) right after a successful WebVPN login.
205+
# Retry a few times in-place before letting login_with_retry()
206+
# waste a full WebVPN re-login on a transient hiccup.
204207
import time as _time
205208
lck = None
206-
for cas_attempt in range(2):
209+
for cas_attempt in range(3):
207210
if cas_attempt > 0:
208-
_time.sleep(2)
209-
resp = self.session.get(vpn_url, allow_redirects=False, timeout=15)
211+
print(f" CAS lck extract retry {cas_attempt}/2...")
212+
_time.sleep(3)
213+
resp = self.session.get(vpn_url, allow_redirects=False, timeout=60)
210214
for _ in range(15):
211215
location = resp.headers.get("Location", "")
212216
if resp.status_code not in (301, 302, 303, 307) or not location:
213217
break
214-
# WebVPN returning /login means the session is stale —
215-
# don't waste time fetching the heavy login page.
218+
# WebVPN bouncing to its own /login means the session
219+
# isn't recognised for this vhost — stop chasing the
220+
# heavy login page and let the outer retry try again.
216221
if "/login" in location:
217222
break
218223
lck_match = re.search(r'lck=([^&#"]+)', location)
@@ -222,7 +227,7 @@ def authenticate_icourse(
222227
if not location.startswith("http"):
223228
location = urljoin(resp.url, location)
224229
resp = self.session.get(
225-
location, allow_redirects=False, timeout=10
230+
location, allow_redirects=False, timeout=60
226231
)
227232
if lck:
228233
break

0 commit comments

Comments
 (0)