lastRefresh now before attempt made to avoid races

Now we won't accidentally try to refresh an expired token

storage/configserver.go

@@ -44,7 +44,7 @@ func newConfigServerAccessor(conf ConfigServerConfig) (*ConfigServerAccessor, er
 		return nil, fmt.Errorf("Could not get auth endpoint: %s", err)
 	}
 
-	fmt.Printf("AuthURL: %s\n", authURL)
+	//fmt.Printf("AuthURL: %s\n", authURL)
 
 	uaaClient := uaa.Client{
 		URL:               authURL,
@@ -179,6 +179,7 @@ func (r *refreshTokenStrategy) RefreshToken() string {
 func (r *refreshTokenStrategy) Refresh() error {
 	var authResp *uaa.AuthResponse
 	var err error
+	attemptTime := time.Now()
 	if r.IsClientCredentials {
 		fmt.Fprintf(os.Stderr, "Refreshing client credentials auth for Credhub\n")
 		authResp, err = r.UAAClient.ClientCredentials(r.ClientID, r.ClientSecret)
@@ -197,7 +198,7 @@ func (r *refreshTokenStrategy) Refresh() error {
 	}
 
 	fmt.Fprintf(os.Stderr, "Credhub token refresh was successful\n")
-	r.lastSuccessfulRefresh = time.Now()
+	r.lastSuccessfulRefresh = attemptTime
 	r.TTL = authResp.TTL
 
 	r.SetTokens(authResp.AccessToken, authResp.RefreshToken)

storage/opsmgr.go

@@ -217,6 +217,7 @@ func (v *OmAccessor) setTokens(accessToken, refreshToken string) {
 func (v *OmAccessor) refresh() error {
 	var authResp *uaa.AuthResponse
 	var err error
+	attemptTime := time.Now()
 	if v.isClientCredentials {
 		fmt.Fprintf(os.Stderr, "Refreshing client credentials auth for OpsMan\n")
 		authResp, err = v.uaaClient.ClientCredentials(v.clientID, v.clientSecret)
@@ -234,7 +235,7 @@ func (v *OmAccessor) refresh() error {
 	}
 
 	fmt.Fprintf(os.Stderr, "Opsman token refresh was successful\n")
-	v.lastSuccessfulRefresh = time.Now()
+	v.lastSuccessfulRefresh = attemptTime
 	v.tokenTTL = authResp.TTL
 
 	v.setTokens(authResp.AccessToken, authResp.RefreshToken)