From 67c59950f313c2240e1097c604c172b18ddb3230 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 12 Aug 2019 17:41:41 +0200 Subject: [PATCH] Fix guardian db hook when refresh the access token --- config/test.exs | 2 +- lib/mobilizon/users/users.ex | 12 ++++++++++-- lib/mobilizon_web/guardian.ex | 8 ++++++++ lib/mobilizon_web/resolvers/user.ex | 23 +++++++++++++++++------ lib/mobilizon_web/schema.ex | 6 +++++- 5 files changed, 41 insertions(+), 10 deletions(-) diff --git a/config/test.exs b/config/test.exs index 21432393b..e31d9fbfb 100644 --- a/config/test.exs +++ b/config/test.exs @@ -19,7 +19,7 @@ config :mobilizon, MobilizonWeb.Endpoint, config :logger, backends: [:console], compile_time_purge_level: :debug, - level: :info + level: :debug # Configure your database config :mobilizon, Mobilizon.Repo, diff --git a/lib/mobilizon/users/users.ex b/lib/mobilizon/users/users.ex index 9fea52635..90d10de5d 100644 --- a/lib/mobilizon/users/users.ex +++ b/lib/mobilizon/users/users.ex @@ -253,13 +253,21 @@ defmodule Mobilizon.Users do end def generate_access_token(user) do - with {:ok, access_token, _claims} <- MobilizonWeb.Guardian.encode_and_sign(user, %{}, token_type: "access", ttl: {5, :seconds}) do + with {:ok, access_token, _claims} <- + MobilizonWeb.Guardian.encode_and_sign(user, %{}, + token_type: "access", + ttl: {5, :seconds} + ) do {:ok, access_token} end end def generate_refresh_token(user) do - with {:ok, refresh_token, _claims} <- MobilizonWeb.Guardian.encode_and_sign(user, %{}, token_type: "refresh", ttl: {30, :days}) do + with {:ok, refresh_token, _claims} <- + MobilizonWeb.Guardian.encode_and_sign(user, %{}, + token_type: "refresh", + ttl: {30, :days} + ) do {:ok, refresh_token} end end diff --git a/lib/mobilizon_web/guardian.ex b/lib/mobilizon_web/guardian.ex index 465178f1b..8fd954c6d 100644 --- a/lib/mobilizon_web/guardian.ex +++ b/lib/mobilizon_web/guardian.ex @@ -61,6 +61,14 @@ defmodule MobilizonWeb.Guardian do end end + def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do + with {:ok, _, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do + {:ok, {old_token, old_claims}, {new_token, new_claims}} + end + end + + def on_exchange(old_stuff, new_stuff, options), do: on_refresh(old_stuff, new_stuff, options) + # def build_claims(claims, _resource, opts) do # claims = claims # |> encode_permissions_into_claims!(Keyword.get(opts, :permissions)) diff --git a/lib/mobilizon_web/resolvers/user.ex b/lib/mobilizon_web/resolvers/user.ex index 6cbf5d456..ef3f0839f 100644 --- a/lib/mobilizon_web/resolvers/user.ex +++ b/lib/mobilizon_web/resolvers/user.ex @@ -65,7 +65,8 @@ defmodule MobilizonWeb.Resolvers.User do """ def login_user(_parent, %{email: email, password: password}, _resolution) do with {:ok, %User{} = user} <- Users.get_user_by_email(email, true), - {:ok, %{access_token: access_token, refresh_token: refresh_token}} <- Users.authenticate(%{user: user, password: password}) do + {:ok, %{access_token: access_token, refresh_token: refresh_token}} <- + Users.authenticate(%{user: user, password: password}) do {:ok, %{access_token: access_token, refresh_token: refresh_token, user: user}} else {:error, :user_not_found} -> @@ -86,8 +87,11 @@ defmodule MobilizonWeb.Resolvers.User do }, _context ) do - with {:ok, _old, {exchanged_token, _claims}} <- MobilizonWeb.Guardian.exchange(refresh_token, "refresh", "access", ttl: { 1, :days}), - {:ok, user, _claims} <- MobilizonWeb.Guardian.resource_from_token(refresh_token), + with {:ok, user, _claims} <- MobilizonWeb.Guardian.resource_from_token(refresh_token), + {:ok, _old, {exchanged_token, _claims}} <- + MobilizonWeb.Guardian.exchange(refresh_token, ["access", "refresh"], "access", + ttl: {1, :days} + ), {:ok, refresh_token} <- Users.generate_refresh_token(user) do {:ok, %{access_token: exchanged_token, refresh_token: refresh_token}} else @@ -128,8 +132,14 @@ defmodule MobilizonWeb.Resolvers.User do with {:check_confirmation_token, {:ok, %User{} = user}} <- {:check_confirmation_token, Activation.check_confirmation_token(token)}, {:get_actor, actor} <- {:get_actor, Users.get_actor_for_user(user)}, - {:ok, %{access_token: access_token, refresh_token: refresh_token}} <- Users.generate_tokens(user) do - {:ok, %{access_token: access_token, refresh_token: refresh_token, user: Map.put(user, :default_actor, actor)}} + {:ok, %{access_token: access_token, refresh_token: refresh_token}} <- + Users.generate_tokens(user) do + {:ok, + %{ + access_token: access_token, + refresh_token: refresh_token, + user: Map.put(user, :default_actor, actor) + }} else err -> Logger.info("Unable to validate user with token #{token}") @@ -180,7 +190,8 @@ defmodule MobilizonWeb.Resolvers.User do def reset_password(_parent, %{password: password, token: token}, _resolution) do with {:ok, %User{} = user} <- ResetPassword.check_reset_password_token(password, token), - {:ok, %{access_token: access_token, refresh_token: refresh_token}} <- Users.authenticate(%{user: user, password: password}) do + {:ok, %{access_token: access_token, refresh_token: refresh_token}} <- + Users.authenticate(%{user: user, password: password}) do {:ok, %{access_token: access_token, refresh_token: refresh_token, user: user}} end end diff --git a/lib/mobilizon_web/schema.ex b/lib/mobilizon_web/schema.ex index 12cf95c3d..c3819ab75 100644 --- a/lib/mobilizon_web/schema.ex +++ b/lib/mobilizon_web/schema.ex @@ -32,7 +32,11 @@ defmodule MobilizonWeb.Schema do @desc "A JWT and the associated user ID" object :login do field(:access_token, non_null(:string), description: "A JWT Token for this session") - field(:refresh_token, non_null(:string), description: "A JWT Token to refresh the access token") + + field(:refresh_token, non_null(:string), + description: "A JWT Token to refresh the access token" + ) + field(:user, non_null(:user), description: "The user associated to this session") end