llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: refresh_token endpoint does not work (#410)

Browse Source 
Signed-off-by: 0x2a <stevesough@gmail.com>
This commit is contained in:
Steve0x2a 2022-01-01 15:20:49 +08:00 committed by GitHub
parent ff22bf507f
commit ffc0a0e0d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
authz/authz.go
View File

@ -80,6 +80,7 @@ p, *, *, GET, /api/get-app-login, *, *
p, *, *, POST, /api/logout, *, * p, *, *, POST, /api/logout, *, *
p, *, *, GET, /api/get-account, *, * p, *, *, GET, /api/get-account, *, *
p, *, *, POST, /api/login/oauth/access_token, *, * p, *, *, POST, /api/login/oauth/access_token, *, *
p, *, *, POST, /api/login/oauth/refresh_token, *, *
p, *, *, GET, /api/get-application, *, * p, *, *, GET, /api/get-application, *, *
p, *, *, GET, /api/get-users, *, * p, *, *, GET, /api/get-users, *, *
p, *, *, GET, /api/get-user, *, * p, *, *, GET, /api/get-user, *, *

73
object/token.go
View File

@ -17,7 +17,6 @@ package object
import ( import (
"fmt" "fmt"
"strings" "strings"
"time"
"github.com/casbin/casdoor/util" "github.com/casbin/casdoor/util"
"xorm.io/core" "xorm.io/core"
@ -302,57 +301,63 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
return tokenWrapper return tokenWrapper
} }
func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string) *Code { func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string) *TokenWrapper {
// check parameters // check parameters
if grantType != "refresh_token" { if grantType != "refresh_token" {
return &Code{ return &TokenWrapper{
Message: "error: grant_type should be \"refresh_token\"", AccessToken: "error: grant_type should be \"refresh_token\"",
Code: "", TokenType: "",
ExpiresIn: 0,
Scope: "",
} }
} }
application := GetApplicationByClientId(clientId) application := GetApplicationByClientId(clientId)
if application == nil { if application == nil {
return &Code{ return &TokenWrapper{
Message: "error: invalid client_id", AccessToken: "error: invalid client_id",
Code: "", TokenType: "",
ExpiresIn: 0,
Scope: "",
} }
} }
if application.ClientSecret != clientSecret { if application.ClientSecret != clientSecret {
return &Code{ return &TokenWrapper{
Message: "error: invalid client_secret", AccessToken: "error: invalid client_secret",
Code: "", TokenType: "",
ExpiresIn: 0,
Scope: "",
} }
} }
// check whether the refresh token is valid, and has not expired. // check whether the refresh token is valid, and has not expired.
token := Token{RefreshToken: refreshToken} token := Token{RefreshToken: refreshToken}
existed, err := adapter.Engine.Get(&token) existed, err := adapter.Engine.Get(&token)
if err != nil || !existed { if err != nil || !existed {
return &Code{ return &TokenWrapper{
Message: "error: invalid refresh_token", AccessToken: "error: invalid refresh_token",
Code: "", TokenType: "",
ExpiresIn: 0,
Scope: "",
} }
} }
cert := getCertByApplication(application) cert := getCertByApplication(application)
claims, err := ParseJwtToken(refreshToken, cert) _, err = ParseJwtToken(refreshToken, cert)
if err != nil { if err != nil {
return &Code{ return &TokenWrapper{
Message: "error: invalid refresh_token", AccessToken: fmt.Sprintf("error: %s", err.Error()),
Code: "", TokenType: "",
} ExpiresIn: 0,
} Scope: "",
if time.Now().Unix() > claims.ExpiresAt.Unix() {
return &Code{
Message: "error: expired refresh_token",
Code: "",
} }
} }
// generate a new token // generate a new token
user := getUser(application.Owner, token.User) user := getUser(application.Organization, token.User)
if user.IsForbidden { if user.IsForbidden {
return &Code{ return &TokenWrapper{
Message: "error: the user is forbidden to sign in, please contact the administrator", AccessToken: "error: the user is forbidden to sign in, please contact the administrator",
Code: "", TokenType: "",
ExpiresIn: 0,
Scope: "",
} }
} }
newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "") newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "")
@ -376,8 +381,14 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
} }
AddToken(newToken) AddToken(newToken)
return &Code{ tokenWrapper := &TokenWrapper{
Message: "", AccessToken: token.AccessToken,
Code: token.Code, IdToken: token.AccessToken,
RefreshToken: token.RefreshToken,
TokenType: token.TokenType,
ExpiresIn: token.ExpiresIn,
Scope: token.Scope,
} }
return tokenWrapper
} }

1
routers/router.go
View File

@ -119,6 +119,7 @@ func initAPI() {
beego.Router("/api/delete-token", &controllers.ApiController{}, "POST:DeleteToken") beego.Router("/api/delete-token", &controllers.ApiController{}, "POST:DeleteToken")
beego.Router("/api/login/oauth/code", &controllers.ApiController{}, "POST:GetOAuthCode") beego.Router("/api/login/oauth/code", &controllers.ApiController{}, "POST:GetOAuthCode")
beego.Router("/api/login/oauth/access_token", &controllers.ApiController{}, "POST:GetOAuthToken") beego.Router("/api/login/oauth/access_token", &controllers.ApiController{}, "POST:GetOAuthToken")
beego.Router("/api/login/oauth/refresh_token", &controllers.ApiController{}, "POST:RefreshToken")
beego.Router("/api/get-records", &controllers.ApiController{}, "GET:GetRecords") beego.Router("/api/get-records", &controllers.ApiController{}, "GET:GetRecords")
beego.Router("/api/get-records-filter", &controllers.ApiController{}, "POST:GetRecordsByFilter") beego.Router("/api/get-records-filter", &controllers.ApiController{}, "POST:GetRecordsByFilter")