MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6575 from Budibase/fix/sso-stale-credentials 

Properly invalidate the cached user
This commit is contained in:
deanhannigan 2022-07-06 13:25:39 +01:00 committed by GitHub
parent fd29942f33 a59d0c7f31
commit b8b54d64f4
2 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/backend-core/src/auth.js
View File

@ -20,6 +20,8 @@ const {
internalApi, internalApi,
} = require("./middleware") } = require("./middleware")
const { invalidateUser } = require("./cache/user")
// Strategies // Strategies
passport.use(new LocalStrategy(local.options, local.authenticate)) passport.use(new LocalStrategy(local.options, local.authenticate))
passport.use(new JwtStrategy(jwt.options, jwt.authenticate)) passport.use(new JwtStrategy(jwt.options, jwt.authenticate))
@ -149,6 +151,8 @@ async function updateUserOAuth(userId, oAuthConfig) {
} }
await db.put(dbUser) await db.put(dbUser)
await invalidateUser(userId)
} catch (e) { } catch (e) {
console.error("Could not update OAuth details for current user", e) console.error("Could not update OAuth details for current user", e)
} }

21
packages/server/src/threads/query.js
View File

@ -8,6 +8,7 @@ const {
refreshOAuthToken, refreshOAuthToken,
updateUserOAuth, updateUserOAuth,
} = require("@budibase/backend-core/auth") } = require("@budibase/backend-core/auth")
const { user: userCache } = require("@budibase/backend-core/cache")
const { getGlobalIDFromUserMetadataID } = require("../db/utils") const { getGlobalIDFromUserMetadataID } = require("../db/utils")
const { isSQL } = require("../integrations/utils") const { isSQL } = require("../integrations/utils")
@ -112,15 +113,9 @@ class QueryRunner {
info.code === 401 && info.code === 401 &&
!this.hasRefreshedOAuth !this.hasRefreshedOAuth
) { ) {
await this.refreshOAuth2(this.ctx)
// Attempt to refresh the access token from the provider // Attempt to refresh the access token from the provider
this.hasRefreshedOAuth = true this.hasRefreshedOAuth = true
const authResponse = await this.refreshOAuth2(this.ctx)
if (!authResponse || authResponse.err) {
// In this event the user may have oAuth issues that
// could require re-authenticating with their provider.
throw new Error("OAuth2 access token could not be refreshed")
}
} }
this.hasRerun = true this.hasRerun = true
@ -174,8 +169,7 @@ class QueryRunner {
const { configId } = ctx.auth const { configId } = ctx.auth
if (!providerType || !oauth2?.refreshToken) { if (!providerType || !oauth2?.refreshToken) {
console.error("No refresh token found for authenticated user") throw new Error("No refresh token found for authenticated user")
return
} }
const resp = await refreshOAuthToken( const resp = await refreshOAuthToken(
@ -186,9 +180,16 @@ class QueryRunner {
// Refresh session flow. Should be in same location as refreshOAuthToken // Refresh session flow. Should be in same location as refreshOAuthToken
// There are several other properties available in 'resp' // There are several other properties available in 'resp'
if (!resp.error) { if (!resp.err) {
const globalUserId = getGlobalIDFromUserMetadataID(_id) const globalUserId = getGlobalIDFromUserMetadataID(_id)
await updateUserOAuth(globalUserId, resp) await updateUserOAuth(globalUserId, resp)
this.ctx.user = await userCache.getUser(globalUserId)
} else {
// In this event the user may have oAuth issues that
// could require re-authenticating with their provider.
throw new Error(
"OAuth2 access token could not be refreshed: " + resp.err.toString()
)
} }
return resp return resp