Properly invalidate the cached user ensuring up-to-date credentials are always used
This commit is contained in:
parent
098c73143f
commit
9fcedfa979
|
@ -20,6 +20,8 @@ const {
|
|||
internalApi,
|
||||
} = require("./middleware")
|
||||
|
||||
const { invalidateUser } = require("./cache/user")
|
||||
|
||||
// Strategies
|
||||
passport.use(new LocalStrategy(local.options, local.authenticate))
|
||||
passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
|
||||
|
@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) {
|
|||
}
|
||||
|
||||
await db.put(dbUser)
|
||||
|
||||
await invalidateUser(userId)
|
||||
} catch (e) {
|
||||
console.error("Could not update OAuth details for current user", e)
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ const {
|
|||
refreshOAuthToken,
|
||||
updateUserOAuth,
|
||||
} = require("@budibase/backend-core/auth")
|
||||
const { user: userCache } = require("@budibase/backend-core/cache")
|
||||
const { getGlobalIDFromUserMetadataID } = require("../db/utils")
|
||||
|
||||
const { isSQL } = require("../integrations/utils")
|
||||
|
@ -112,15 +113,9 @@ class QueryRunner {
|
|||
info.code === 401 &&
|
||||
!this.hasRefreshedOAuth
|
||||
) {
|
||||
await this.refreshOAuth2(this.ctx)
|
||||
// Attempt to refresh the access token from the provider
|
||||
this.hasRefreshedOAuth = true
|
||||
const authResponse = await this.refreshOAuth2(this.ctx)
|
||||
|
||||
if (!authResponse || authResponse.err) {
|
||||
// In this event the user may have oAuth issues that
|
||||
// could require re-authenticating with their provider.
|
||||
throw new Error("OAuth2 access token could not be refreshed")
|
||||
}
|
||||
}
|
||||
|
||||
this.hasRerun = true
|
||||
|
@ -174,8 +169,7 @@ class QueryRunner {
|
|||
const { configId } = ctx.auth
|
||||
|
||||
if (!providerType || !oauth2?.refreshToken) {
|
||||
console.error("No refresh token found for authenticated user")
|
||||
return
|
||||
throw new Error("No refresh token found for authenticated user")
|
||||
}
|
||||
|
||||
const resp = await refreshOAuthToken(
|
||||
|
@ -189,6 +183,11 @@ class QueryRunner {
|
|||
if (!resp.error) {
|
||||
const globalUserId = getGlobalIDFromUserMetadataID(_id)
|
||||
await updateUserOAuth(globalUserId, resp)
|
||||
this.ctx.user = await userCache.getUser(globalUserId)
|
||||
} else {
|
||||
// In this event the user may have oAuth issues that
|
||||
// could require re-authenticating with their provider.
|
||||
throw new Error("OAuth2 access token could not be refreshed")
|
||||
}
|
||||
|
||||
return resp
|
||||
|
|
Loading…
Reference in New Issue