From bceff77e35135502df8437c1b3d255b8ab673327 Mon Sep 17 00:00:00 2001
From: Dean
Date: Wed, 6 Jul 2022 11:51:48 +0100
Subject: [PATCH] Properly invalidate the cached user ensuring up-to-date credentials are always used
---
 packages/backend-core/src/auth.js | 4 ++++
 packages/server/src/threads/query.js | 17 ++++++++---------
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/packages/backend-core/src/auth.js b/packages/backend-core/src/auth.js
index b6d6a2027f..b60144a0de 100644
--- a/packages/backend-core/src/auth.js
+++ b/packages/backend-core/src/auth.js
@@ -20,6 +20,8 @@ const {
 internalApi,
 } = require("./middleware")
+const { invalidateUser } = require("./cache/user")
+
 // Strategies
 passport.use(new LocalStrategy(local.options, local.authenticate))
 passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
@@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) {
 }
 await db.put(dbUser)
+
+ await invalidateUser(userId)
 } catch (e) {
 console.error("Could not update OAuth details for current user", e)
 }
diff --git a/packages/server/src/threads/query.js b/packages/server/src/threads/query.js
index e85fde970e..fa5cc3aa67 100644
--- a/packages/server/src/threads/query.js
+++ b/packages/server/src/threads/query.js
@@ -8,6 +8,7 @@ const {
 refreshOAuthToken,
 updateUserOAuth,
 } = require("@budibase/backend-core/auth")
+const { user: userCache } = require("@budibase/backend-core/cache")
 const { getGlobalIDFromUserMetadataID } = require("../db/utils")
 const { isSQL } = require("../integrations/utils")
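Review bot: In the `@@ -149,6 +151,8 @@` hunk of packages/backend-core/src/auth.js, the new `await invalidateUser(userId)` sits inside the `try` whose `catch` only calls `console.error`, so a failed `db.put` or a failed invalidation is logged and then dropped. The caller in packages/server/src/threads/query.js (the `@@ -189,6 +183,11 @@` hunk) then reloads the user and reruns the query as if the new token had been stored, which can leave stale credentials in use with no signal to the caller. Consider rethrowing after logging, e.g. `throw e` as the last line of the `catch`, once other callers of updateUserOAuth have been checked for reliance on the current best-effort behaviour. It is also worth confirming that the logged `e` cannot carry token material from the provider response. updateUserOAuth starts above the hunk, so the rest of its body is not visible here.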
@@ -112,15 +113,9 @@ class QueryRunner {
 info.code === 401 &&
 !this.hasRefreshedOAuth
 ) {
+ await this.refreshOAuth2(this.ctx)
 // Attempt to refresh the access token from the provider
 this.hasRefreshedOAuth = true
- const authResponse = await this.refreshOAuth2(this.ctx)
-
- if (!authResponse || authResponse.err) {
- // In this event the user may have oAuth issues that
- // could require re-authenticating with their provider.
- throw new Error("OAuth2 access token could not be refreshed")
- }
 }
 this.hasRerun = true
@@ -174,8 +169,7 @@ class QueryRunner {
 const { configId } = ctx.auth
 if (!providerType || !oauth2?.refreshToken) {
- console.error("No refresh token found for authenticated user")
- return
+ throw new Error("No refresh token found for authenticated user")
 }
 const resp = await refreshOAuthToken(
@@ -189,6 +183,11 @@ class QueryRunner {
 if (!resp.error) {
 const globalUserId = getGlobalIDFromUserMetadataID(_id)
 await updateUserOAuth(globalUserId, resp)
+ this.ctx.user = await userCache.getUser(globalUserId)
+ } else {
+ // In this event the user may have oAuth issues that
+ // could require re-authenticating with their provider.
+ throw new Error("OAuth2 access token could not be refreshed")
 }
 return resp
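Review bot: In the `@@ -112,15 +113,9 @@` hunk, `this.hasRefreshedOAuth = true` is now assigned only after `await this.refreshOAuth2(this.ctx)` returns, and refreshOAuth2 throws on failure after this commit, so a failed refresh leaves the one-shot guard unset. If the same runner is driven again after the error is caught further up (not visible here), each 401 would trigger another call to the provider's token endpoint; setting the flag first keeps the refresh to a single attempt. The comment also now trails the call it describes. Suggested order: `// Attempt to refresh the access token from the provider`, `this.hasRefreshedOAuth = true`, `await this.refreshOAuth2(this.ctx)`. The enclosing method starts and ends outside the hunk.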
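Review bot: In the `@@ -189,6 +183,11 @@` hunk, `this.ctx.user = await userCache.getUser(globalUserId)` replaces the whole request user with the cached global user record, although `_id` was just treated as a user-metadata ID. If the original `ctx.user` carried app-level fields (for example its metadata `_id` or role), they are presumably gone for the rerun, which matters if later permission or binding logic reads them; this needs confirming against code outside the hunk. Copying only the refreshed credentials would be narrower, e.g. `const { oauth2 } = await userCache.getUser(globalUserId)` followed by `ctx.user = { ...ctx.user, oauth2 }`, assuming `oauth2` is the field this method read earlier. The method also appears to take `ctx` as its parameter (see `ctx.auth` in the previous hunk), so writing through `this.ctx` is inconsistent with the rest of its body.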