Merge pull request #286 from sasjs/issue-279

fix: return same tokens if not expired
2025-12-10 11:24:35 +00:00 · 2022-09-21 18:46:07 +01:00
parent a810f6c7cf 6f5566dabb
commit 5c40d8a342
5 changed files with 47 additions and 2 deletions
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -4,6 +4,7 @@ import { InfoJWT } from '../types'
 import {
  generateAccessToken,
  generateRefreshToken,
+  getTokensFromDB,
  removeTokensInDB,
  saveTokensInDB
 } from '../utils'
@@ -73,6 +74,15 @@ const token = async (data: any): Promise<TokenResponse> => {

  AuthController.deleteCode(userInfo.userId, clientId)

+  // get tokens from DB
+  const existingTokens = await getTokensFromDB(userInfo.userId, clientId)
+  if (existingTokens) {
+    return {
+      accessToken: existingTokens.accessToken,
+      refreshToken: existingTokens.refreshToken
+    }
+  }
+
  const accessToken = generateAccessToken(userInfo)
  const refreshToken = generateRefreshToken(userInfo)

--- a/api/src/controllers/stp.ts
+++ b/api/src/controllers/stp.ts
@@ -92,7 +92,7 @@ const execute = async (
    )

    if (result instanceof Buffer) {
-      ; (req as any).sasHeaders = httpHeaders
+      ;(req as any).sasHeaders = httpHeaders
    }

    return result
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
@@ -7,7 +7,7 @@ import {
  authenticateRefreshToken
 } from '../../middlewares'

-import { authorizeValidation, tokenValidation } from '../../utils'
+import { tokenValidation } from '../../utils'
 import { InfoJWT } from '../../types'

 const authRouter = express.Router()
--- a/api/src/utils/getTokensFromDB.ts
+++ b/api/src/utils/getTokensFromDB.ts
@@ -0,0 +1,34 @@
+import jwt from 'jsonwebtoken'
+import User from '../model/User'
+
+export const getTokensFromDB = async (userId: number, clientId: string) => {
+  const user = await User.findOne({ id: userId })
+  if (!user) return
+
+  const currentTokenObj = user.tokens.find(
+    (tokenObj: any) => tokenObj.clientId === clientId
+  )
+
+  if (currentTokenObj) {
+    const accessToken = currentTokenObj.accessToken
+    const refreshToken = currentTokenObj.refreshToken
+
+    const verifiedAccessToken: any = jwt.verify(
+      accessToken,
+      process.secrets.ACCESS_TOKEN_SECRET
+    )
+
+    const verifiedRefreshToken: any = jwt.verify(
+      refreshToken,
+      process.secrets.REFRESH_TOKEN_SECRET
+    )
+
+    if (
+      verifiedAccessToken?.userId === userId &&
+      verifiedAccessToken?.clientId === clientId &&
+      verifiedRefreshToken?.userId === userId &&
+      verifiedRefreshToken?.clientId === clientId
+    )
+      return { accessToken, refreshToken }
+  }
+}
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -14,6 +14,7 @@ export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getRunTimeAndFilePath'
 export * from './getServerUrl'
+export * from './getTokensFromDB'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './isPublicRoute'