k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

fix: do not update offlinesession lastUsed field if refresh token was not change

Browse Source 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
m.nabokikh
2021-10-19 00:37:55 +04:00
parent c319983ecc
commit 9fad0602ec
3 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
server/refreshhandlers.go
View File

@@ -227,16 +227,13 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
lastUsed := s.now()
rerr := s.updateOfflineSession(refresh, ident, lastUsed)
if rerr != nil {
return nil, rerr
}
refreshTokenUpdater := func(old storage.RefreshToken) (storage.RefreshToken, error) {
if s.refreshTokenPolicy.RotationEnabled() {
if old.Token != token.Token {
if s.refreshTokenPolicy.AllowedToReuse(old.LastUsed) && old.ObsoleteToken == token.Token {
newToken.Token = old.Token
// Do not update last used time for offline session if token is allowed to be reused
lastUsed = old.LastUsed
return old, nil
}
return old, errors.New("refresh token claimed twice")
@@ -268,6 +265,11 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
return nil, newInternalServerError()
}
rerr := s.updateOfflineSession(refresh, ident, lastUsed)
if rerr != nil {
return nil, rerr
}
return newToken, nil
}