Merge pull request #6575 from Budibase/fix/sso-stale-credentials

Properly invalidate the cached user
deanhannigan 2022-07-06 13:25:39 +01:00 committed by GitHub
commit 58f398a083
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 10 deletions


@ -20,6 +20,8 @@ const {
internalApi,
} = require("./middleware")
const { invalidateUser } = require("./cache/user")
// Strategies
passport.use(new LocalStrategy(local.options, local.authenticate))
passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) {
}
await db.put(dbUser)
await invalidateUser(userId)
} catch (e) {
console.error("Could not update OAuth details for current user", e)
}
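Review bot: The new `await invalidateUser(userId)` in `updateUserOAuth` sits inside a try whose catch only logs, so a failure in either `db.put` or the cache invalidation is hidden from the caller. In the second file the caller reloads `this.ctx.user` from the cache right after this call, so a swallowed failure would presumably leave the query rerunning with the stale credentials this commit is meant to clear. Consider rethrowing after the log, with `throw e` as the last line of the catch, or returning a success flag that the caller checks. The function starts and ends outside the hunk, so callers that rely on the current non-throwing behaviour should be checked first.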


@ -8,6 +8,7 @@ const {
refreshOAuthToken,
updateUserOAuth,
} = require("@budibase/backend-core/auth")
const { user: userCache } = require("@budibase/backend-core/cache")
const { getGlobalIDFromUserMetadataID } = require("../db/utils")
const { isSQL } = require("../integrations/utils")
@ -112,15 +113,9 @@ class QueryRunner {
info.code === 401 &&
!this.hasRefreshedOAuth
) {
await this.refreshOAuth2(this.ctx)
// Attempt to refresh the access token from the provider
this.hasRefreshedOAuth = true
const authResponse = await this.refreshOAuth2(this.ctx)
if (!authResponse || authResponse.err) {
// In this event the user may have oAuth issues that
// could require re-authenticating with their provider.
throw new Error("OAuth2 access token could not be refreshed")
}
}
this.hasRerun = true
@ -174,8 +169,7 @@ class QueryRunner {
const { configId } = ctx.auth
if (!providerType || !oauth2?.refreshToken) {
console.error("No refresh token found for authenticated user")
return
throw new Error("No refresh token found for authenticated user")
}
const resp = await refreshOAuthToken(
@ -186,9 +180,16 @@ class QueryRunner {
// Refresh session flow. Should be in same location as refreshOAuthToken
// There are several other properties available in 'resp'
if (!resp.error) {
if (!resp.err) {
const globalUserId = getGlobalIDFromUserMetadataID(_id)
await updateUserOAuth(globalUserId, resp)
this.ctx.user = await userCache.getUser(globalUserId)
} else {
// In this event the user may have oAuth issues that
// could require re-authenticating with their provider.
throw new Error(
"OAuth2 access token could not be refreshed: " + resp.err.toString()
)
}
return resp
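Review bot: In the last hunk, the new `throw new Error("OAuth2 access token could not be refreshed: " + resp.err.toString())` puts the provider's raw error text into the exception message. If that message is passed back to the client in the query response (not visible here), identity-provider detail reaches end users, and for a plain object `toString()` yields only `[object Object]`. Consider keeping the detail server-side with `console.error("OAuth2 refresh failed", resp.err)` and throwing the fixed message `throw new Error("OAuth2 access token could not be refreshed")`. The enclosing method continues past the visible lines.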