From bceff77e35135502df8437c1b3d255b8ab673327 Mon Sep 17 00:00:00 2001 From: Dean Date: Wed, 6 Jul 2022 11:51:48 +0100 Subject: [PATCH 1/3] Properly invalidate the cached user ensuring up-to-date credentials are always used --- packages/backend-core/src/auth.js | 4 ++++ packages/server/src/threads/query.js | 17 ++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/packages/backend-core/src/auth.js b/packages/backend-core/src/auth.js index b6d6a2027f..b60144a0de 100644 --- a/packages/backend-core/src/auth.js +++ b/packages/backend-core/src/auth.js @@ -20,6 +20,8 @@ const { internalApi, } = require("./middleware") +const { invalidateUser } = require("./cache/user") + // Strategies passport.use(new LocalStrategy(local.options, local.authenticate)) passport.use(new JwtStrategy(jwt.options, jwt.authenticate)) @@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) { } await db.put(dbUser) + + await invalidateUser(userId) } catch (e) { console.error("Could not update OAuth details for current user", e) } diff --git a/packages/server/src/threads/query.js b/packages/server/src/threads/query.js index e85fde970e..fa5cc3aa67 100644 --- a/packages/server/src/threads/query.js +++ b/packages/server/src/threads/query.js @@ -8,6 +8,7 @@ const { refreshOAuthToken, updateUserOAuth, } = require("@budibase/backend-core/auth") +const { user: userCache } = require("@budibase/backend-core/cache") const { getGlobalIDFromUserMetadataID } = require("../db/utils") const { isSQL } = require("../integrations/utils") 
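Review bot: In the `updateUserOAuth` hunk of packages/backend-core/src/auth.js, the new `await invalidateUser(userId)` sits inside the existing `try`, whose `catch` only logs, so a failed `db.put` or a failed invalidation returns normally and the caller cannot tell that the cached user may still hold the old OAuth tokens. The `refreshOAuth2` hunk in packages/server/src/threads/query.js depends on this, because it reloads the user from the cache right after the call. Since the stated aim of the commit is that up-to-date credentials are always used, I would let the failure propagate, for example by ending the `catch` with `throw e` after the `console.error`. It is also worth confirming that the logged `e` cannot carry token material, which is not visible here. The function starts and ends outside the hunk.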
@@ -112,15 +113,9 @@ class QueryRunner { info.code === 401 && !this.hasRefreshedOAuth ) { + await this.refreshOAuth2(this.ctx) // Attempt to refresh the access token from the provider this.hasRefreshedOAuth = true - const authResponse = await this.refreshOAuth2(this.ctx) - - if (!authResponse || authResponse.err) { - // In this event the user may have oAuth issues that - // could require re-authenticating with their provider. - throw new Error("OAuth2 access token could not be refreshed") - } } this.hasRerun = true @@ -174,8 +169,7 @@ class QueryRunner { const { configId } = ctx.auth if (!providerType || !oauth2?.refreshToken) { - console.error("No refresh token found for authenticated user") - return + throw new Error("No refresh token found for authenticated user") } const resp = await refreshOAuthToken( @@ -189,6 +183,11 @@ class QueryRunner { if (!resp.error) { const globalUserId = getGlobalIDFromUserMetadataID(_id) await updateUserOAuth(globalUserId, resp) + this.ctx.user = await userCache.getUser(globalUserId) + } else { + // In this event the user may have oAuth issues that + // could require re-authenticating with their provider. + throw new Error("OAuth2 access token could not be refreshed") } return resp From 457a671831d8431776020ed2acbd2193cc9f24d8 Mon Sep 17 00:00:00 2001 From: Dean Date: Wed, 6 Jul 2022 13:03:25 +0100 Subject: [PATCH 2/3] Surface refresh process error messaging --- packages/server/src/threads/query.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/server/src/threads/query.js b/packages/server/src/threads/query.js index fa5cc3aa67..366155ecec 100644 --- a/packages/server/src/threads/query.js +++ b/packages/server/src/threads/query.js 
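Review bot: In the `@@ -112,15 +113,9 @@` hunk the refresh call is now placed above `this.hasRefreshedOAuth = true`, so when `refreshOAuth2` throws (which it does after this commit) the one-shot guard is never set, and the comment `// Attempt to refresh the access token from the provider` ends up below the call it describes. I would keep the original order: the comment, then `this.hasRefreshedOAuth = true`, then `await this.refreshOAuth2(this.ctx)`, so one runner can never attempt more than a single refresh whatever the surrounding error handling does. The enclosing method starts and ends outside the hunk, so whether a thrown error can re-enter this branch cannot be confirmed from here.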
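Review bot: In the `@@ -189,6 +183,11 @@` hunk, `this.ctx.user = await userCache.getUser(globalUserId)` writes to `this.ctx` although the method receives `ctx` as a parameter and reads `ctx.auth` from it a few lines earlier; using one of the two consistently, e.g. `ctx.user = await userCache.getUser(globalUserId)`, avoids the two drifting apart if the method is ever called with a different context. The `_id` is first mapped through `getGlobalIDFromUserMetadataID`, which suggests the previous `ctx.user` was an app-level record, so replacing it wholesale with the global user may drop app-specific fields that later authorization or binding code reads; this should be confirmed and noted in a comment such as `// ctx.user is replaced by the global user record so the rerun sees the refreshed oauth2 tokens`. The method body starts outside the hunk.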
@@ -180,14 +180,14 @@ class QueryRunner { // Refresh session flow. Should be in same location as refreshOAuthToken // There are several other properties available in 'resp' - if (!resp.error) { + if (!resp.err) { const globalUserId = getGlobalIDFromUserMetadataID(_id) await updateUserOAuth(globalUserId, resp) this.ctx.user = await userCache.getUser(globalUserId) } else { // In this event the user may have oAuth issues that // could require re-authenticating with their provider. - throw new Error("OAuth2 access token could not be refreshed") + throw new Error("OAuth2 access token could not be refreshed: " + resp.err.toString()) } return resp From 36d69a0b81f79ee0d993f9c5d95d9cb5dab56668 Mon Sep 17 00:00:00 2001 From: Dean Date: Wed, 6 Jul 2022 13:09:13 +0100 Subject: [PATCH 3/3] Linting commit --- packages/server/src/threads/query.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/server/src/threads/query.js b/packages/server/src/threads/query.js index 366155ecec..7c94c3d25a 100644 --- a/packages/server/src/threads/query.js +++ b/packages/server/src/threads/query.js @@ -187,7 +187,9 @@ class QueryRunner { } else { // In this event the user may have oAuth issues that // could require re-authenticating with their provider. - throw new Error("OAuth2 access token could not be refreshed: " + resp.err.toString()) + throw new Error( + "OAuth2 access token could not be refreshed: " + resp.err.toString() + ) } return resp
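Review bot: In the `@@ -180,14 +180,14 @@` hunk of PATCH 2/3 (the same statement is only re-wrapped in PATCH 3/3), `resp.err.toString()` is concatenated into the thrown message, and that text originates from the OAuth provider's refresh response. If the message travels back to whoever ran the query, which the surrounding code suggests but does not show, provider-side detail reaches the end user; and if `resp.err` is a plain object rather than an Error or string it renders as `[object Object]`. I would keep the thrown message generic and log the detail server-side, e.g. `console.error("OAuth2 refresh failed", resp.err)` followed by `throw new Error("OAuth2 access token could not be refreshed")`. The shape of `resp.err` is decided in `refreshOAuthToken`, outside this diff.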