Properly invalidate the cached user ensuring up-to-date credentials are always used

This commit is contained in:
Dean 2022-07-06 11:51:48 +01:00
parent 098c73143f
commit 9fcedfa979
2 changed files with 12 additions and 9 deletions

View File

@ -20,6 +20,8 @@ const {
internalApi,
} = require("./middleware")
const { invalidateUser } = require("./cache/user")
// Strategies
passport.use(new LocalStrategy(local.options, local.authenticate))
passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) {
}
await db.put(dbUser)
await invalidateUser(userId)
} catch (e) {
console.error("Could not update OAuth details for current user", e)
}

View File

@ -8,6 +8,7 @@ const {
refreshOAuthToken,
updateUserOAuth,
} = require("@budibase/backend-core/auth")
const { user: userCache } = require("@budibase/backend-core/cache")
const { getGlobalIDFromUserMetadataID } = require("../db/utils")
const { isSQL } = require("../integrations/utils")
@ -112,15 +113,9 @@ class QueryRunner {
info.code === 401 &&
!this.hasRefreshedOAuth
) {
await this.refreshOAuth2(this.ctx)
// Attempt to refresh the access token from the provider
this.hasRefreshedOAuth = true
const authResponse = await this.refreshOAuth2(this.ctx)
if (!authResponse || authResponse.err) {
// In this event the user may have oAuth issues that
// could require re-authenticating with their provider.
throw new Error("OAuth2 access token could not be refreshed")
}
}
this.hasRerun = true
@ -174,8 +169,7 @@ class QueryRunner {
const { configId } = ctx.auth
if (!providerType || !oauth2?.refreshToken) {
console.error("No refresh token found for authenticated user")
return
throw new Error("No refresh token found for authenticated user")
}
const resp = await refreshOAuthToken(
@ -189,6 +183,11 @@ class QueryRunner {
if (!resp.error) {
const globalUserId = getGlobalIDFromUserMetadataID(_id)
await updateUserOAuth(globalUserId, resp)
this.ctx.user = await userCache.getUser(globalUserId)
} else {
// In this event the user may have oAuth issues that
// could require re-authenticating with their provider.
throw new Error("OAuth2 access token could not be refreshed")
}
return resp