chore(release): 0.21.6 [skip ci]

## [0.21.6](https://github.com/sasjs/server/compare/v0.21.5...v0.21.6) (2022-09-23) ### Bug Fixes * in getTokensFromDB handle the scenario when tokens are expired ([40f95f9](40f95f9072))
Merge pull request #291 from sasjs/issue-290
2026-01-03 13:10:04 +00:00 · 2022-09-23 09:33:49 +00:00 · 2022-09-23 10:29:51 +01:00 · 2022-09-23 09:35:30 +05:00
2 changed files with 38 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [0.21.6](https://github.com/sasjs/server/compare/v0.21.5...v0.21.6) (2022-09-23)
+
+
+### Bug Fixes
+
+* in getTokensFromDB handle the scenario when tokens are expired ([40f95f9](https://github.com/sasjs/server/commit/40f95f9072c8685910138d88fd2410f8704fc975))
+
 ## [0.21.5](https://github.com/sasjs/server/compare/v0.21.4...v0.21.5) (2022-09-22)


--- a/api/src/utils/getTokensFromDB.ts
+++ b/api/src/utils/getTokensFromDB.ts
@@ -1,6 +1,27 @@
 import jwt from 'jsonwebtoken'
 import User from '../model/User'

+const isValidToken = async (
+  token: string,
+  key: string,
+  userId: number,
+  clientId: string
+) => {
+  const promise = new Promise<boolean>((resolve, reject) =>
+    jwt.verify(token, key, (err, decoded) => {
+      if (err) return reject(false)
+
+      if (decoded?.userId === userId && decoded?.clientId === clientId) {
+        return resolve(true)
+      }
+
+      return reject(false)
+    })
+  )
+
+  return await promise.then(() => true).catch(() => false)
+}
+
 export const getTokensFromDB = async (userId: number, clientId: string) => {
  const user = await User.findOne({ id: userId })
  if (!user) return
@@ -13,22 +34,22 @@ export const getTokensFromDB = async (userId: number, clientId: string) => {
    const accessToken = currentTokenObj.accessToken
    const refreshToken = currentTokenObj.refreshToken

-    const verifiedAccessToken: any = jwt.verify(
+    const isValidAccessToken = await isValidToken(
      accessToken,
-      process.secrets.ACCESS_TOKEN_SECRET
+      process.secrets.ACCESS_TOKEN_SECRET,
+      userId,
+      clientId
    )

-    const verifiedRefreshToken: any = jwt.verify(
+    const isValidRefreshToken = await isValidToken(
      refreshToken,
-      process.secrets.REFRESH_TOKEN_SECRET
+      process.secrets.REFRESH_TOKEN_SECRET,
+      userId,
+      clientId
    )

-    if (
-      verifiedAccessToken?.userId === userId &&
-      verifiedAccessToken?.clientId === clientId &&
-      verifiedRefreshToken?.userId === userId &&
-      verifiedRefreshToken?.clientId === clientId
-    )
+    if (isValidAccessToken && isValidRefreshToken) {
      return { accessToken, refreshToken }
+    }
  }
 }
Author	SHA1	Message	Date
semantic-release-bot	375f924f45	chore(release): 0.21.6 [skip ci] ## [0.21.6](https://github.com/sasjs/server/compare/v0.21.5...v0.21.6) (2022-09-23) ### Bug Fixes * in getTokensFromDB handle the scenario when tokens are expired ([`40f95f9`](`40f95f9072`))	2022-09-23 09:33:49 +00:00
Allan Bowe	72329e30ed	Merge pull request #291 from sasjs/issue-290 fix: in getTokensFromDB handle the scenario when tokens are expired	2022-09-23 10:29:51 +01:00
Sabir Hassan	40f95f9072	fix: in getTokensFromDB handle the scenario when tokens are expired	2022-09-23 09:35:30 +05:00