From d43ce07b669e496f3ff84dd8954968233f306402 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Tue, 19 Feb 2019 16:47:04 -0500
Subject: [PATCH] consume resume token during VerifyToken

Independently of this, ClientLookupSet.Resume ensures that at most one resume can succeed, so this doesn't actually change the behavior. But ResumeManager should be a standalone example of how to implement resume without race conditions.
---
 irc/resume.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/irc/resume.go b/irc/resume.go
index efb2baa9..9b9b1d05 100644
--- a/irc/resume.go
+++ b/irc/resume.go
@@ -52,7 +52,8 @@ func (rm *ResumeManager) GenerateToken(client *Client) (token string) {
 }
 
 // VerifyToken looks up the client corresponding to a resume token, returning
-// nil if there is no such client or the token is invalid.
+// nil if there is no such client or the token is invalid. If successful,
+// the token is consumed and cannot be used to resume again.
 func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
 if len(token) != 2*utils.SecretTokenLength {
 return
@@ -68,6 +69,8 @@ func (rm *ResumeManager) VerifyToken(token string) (client *Client) {
 // disallow resume of an unregistered client; this prevents the use of
 // resume as an auth bypass
 if pair.client.Registered() {
+// consume the token, ensuring that at most one resume can succeed
+delete(rm.resumeIDtoCreds, id)
 return pair.client
 }
 }
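Review bot: The updated doc comment on VerifyToken still names only two nil cases, while the body shown in the second hunk also returns nil for a client that is not registered, and in that case the token stays in the map. Now that the function has a side effect, the comment should say exactly when consumption happens, for example `// nil if there is no such client, the token is invalid, or the client is unregistered;` followed by `// only a successful lookup consumes the token.` Callers that can still fail after a non-nil return are not visible here; if any exist, the token is already spent by then and the client cannot retry, which is worth stating in the comment too.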
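Review bot: The added `delete(rm.resumeIDtoCreds, id)` is a race-free check-and-consume only if the map lookup and the delete run under the same exclusive lock, and the lock acquisition sits above this hunk, outside the visible lines. If VerifyToken takes only a read lock for the lookup, writing to the map here is a data race and two concurrent calls could both return the client, so please confirm it is the write lock. I would record the requirement in the comment, e.g. `// consume the token while holding the write lock, so lookup and delete are atomic and at most one resume can succeed`. A test that calls VerifyToken twice with the same token and expects nil on the second call would pin the single-use guarantee the commit message describes.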