Properly invalidate the cached user ensuring up-to-date credentials are always used
This commit is contained in:
Dean
parent
7b11c9e357
commit
bceff77e35
|
|
@ -20,6 +20,8 @@ const {
|
||||||
internalApi,
|
internalApi,
|
||||||
} = require("./middleware")
|
} = require("./middleware")
|
||||||
|
|
||||||
|
const { invalidateUser } = require("./cache/user")
|
||||||
|
|
||||||
// Strategies
|
// Strategies
|
||||||
passport.use(new LocalStrategy(local.options, local.authenticate))
|
passport.use(new LocalStrategy(local.options, local.authenticate))
|
||||||
passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
|
passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
|
||||||
|
|
@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) {
|
||||||
}
|
}
|
||||||
|
|
||||||
await db.put(dbUser)
|
await db.put(dbUser)
|
||||||
|
|
||||||
|
await invalidateUser(userId)
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
console.error("Could not update OAuth details for current user", e)
|
console.error("Could not update OAuth details for current user", e)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ const {
|
||||||
refreshOAuthToken,
|
refreshOAuthToken,
|
||||||
updateUserOAuth,
|
updateUserOAuth,
|
||||||
} = require("@budibase/backend-core/auth")
|
} = require("@budibase/backend-core/auth")
|
||||||
|
const { user: userCache } = require("@budibase/backend-core/cache")
|
||||||
const { getGlobalIDFromUserMetadataID } = require("../db/utils")
|
const { getGlobalIDFromUserMetadataID } = require("../db/utils")
|
||||||
|
|
||||||
const { isSQL } = require("../integrations/utils")
|
const { isSQL } = require("../integrations/utils")
|
||||||
|
|
@ -112,15 +113,9 @@ class QueryRunner {
|
||||||
info.code === 401 &&
|
info.code === 401 &&
|
||||||
!this.hasRefreshedOAuth
|
!this.hasRefreshedOAuth
|
||||||
) {
|
) {
|
||||||
|
await this.refreshOAuth2(this.ctx)
|
||||||
// Attempt to refresh the access token from the provider
|
// Attempt to refresh the access token from the provider
|
||||||
this.hasRefreshedOAuth = true
|
this.hasRefreshedOAuth = true
|
||||||
const authResponse = await this.refreshOAuth2(this.ctx)
|
|
||||||
|
|
||||||
if (!authResponse || authResponse.err) {
|
|
||||||
// In this event the user may have oAuth issues that
|
|
||||||
// could require re-authenticating with their provider.
|
|
||||||
throw new Error("OAuth2 access token could not be refreshed")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
this.hasRerun = true
|
this.hasRerun = true
|
||||||
|
|
@ -174,8 +169,7 @@ class QueryRunner {
|
||||||
const { configId } = ctx.auth
|
const { configId } = ctx.auth
|
||||||
|
|
||||||
if (!providerType || !oauth2?.refreshToken) {
|
if (!providerType || !oauth2?.refreshToken) {
|
||||||
console.error("No refresh token found for authenticated user")
|
throw new Error("No refresh token found for authenticated user")
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const resp = await refreshOAuthToken(
|
const resp = await refreshOAuthToken(
|
||||||
|
|
@ -189,6 +183,11 @@ class QueryRunner {
|
||||||
if (!resp.error) {
|
if (!resp.error) {
|
||||||
const globalUserId = getGlobalIDFromUserMetadataID(_id)
|
const globalUserId = getGlobalIDFromUserMetadataID(_id)
|
||||||
await updateUserOAuth(globalUserId, resp)
|
await updateUserOAuth(globalUserId, resp)
|
||||||
|
this.ctx.user = await userCache.getUser(globalUserId)
|
||||||
|
} else {
|
||||||
|
// In this event the user may have oAuth issues that
|
||||||
|
// could require re-authenticating with their provider.
|
||||||
|
throw new Error("OAuth2 access token could not be refreshed")
|
||||||
}
|
}
|
||||||
|
|
||||||
return resp
|
return resp
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue