github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-01-20 13:17:47 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Increase robustness of the refresh method

Browse Source
This commit is contained in:
Jasper Weyne 2020-08-04 21:29:11 +02:00
parent 46388a591b
commit 6feaf25c90
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/Auth/Access/OpenIdService.php
View File

@ -8,7 +8,6 @@ use Exception;
use Lcobucci\JWT\Token; use Lcobucci\JWT\Token;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException; use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use OpenIDConnectClient\AccessToken; use OpenIDConnectClient\AccessToken;
use OpenIDConnectClient\Exception\InvalidTokenException;
use OpenIDConnectClient\OpenIDConnectProvider; use OpenIDConnectClient\OpenIDConnectProvider;
/** /**
@ -63,11 +62,20 @@ class OpenIdService extends ExternalAuthService
{ {
// Retrieve access token for current session // Retrieve access token for current session
$json = session()->get('openid_token'); $json = session()->get('openid_token');
// If no access token was found, reject the refresh
if (!$json) {
$this->actionLogout();
return false;
}
$accessToken = new AccessToken(json_decode($json, true) ?? []); $accessToken = new AccessToken(json_decode($json, true) ?? []);
// Check if both the access token and the ID token (if present) are unexpired // Check if both the access token and the ID token (if present) are unexpired
$idToken = $accessToken->getIdToken(); $idToken = $accessToken->getIdToken();
if (!$accessToken->hasExpired() && (!$idToken || !$idToken->isExpired())) { $accessTokenUnexpired = $accessToken->getExpires() && !$accessToken->hasExpired();
$idTokenUnexpired = !$idToken || !$idToken->isExpired();
if ($accessTokenUnexpired && $idTokenUnexpired) {
return true; return true;
} }