Fixing bug - the refresh endpoint needs ReCodEx token properly injected.

Author: krulis-martin

app/helpers/Recodex/RecodexApiHelper.php

@@ -136,6 +136,7 @@ private function processJsonBody($response)
     {
         $code = $response->getStatusCode();
         if ($code === 401) { // unauthorized, token is probably invalid
+            Debugger::log("HTTP request to ReCodEx API failed (response $code).", Debugger::DEBUG);
             throw new InvalidAccessTokenException("Unauthorized request to ReCodEx API. Token is probably invalid.");
         }
 
@@ -238,6 +239,7 @@ public function getTokenAndUser(): array
         Debugger::log('ReCodEx::getTokenAndUser()', Debugger::DEBUG);
         $body = $this->post('extensions/' . $this->extensionId);
         if (!is_array($body) || empty($body['accessToken']) || empty($body['user'])) {
+            Debugger::log($body, Debugger::DEBUG);
             throw new RecodexApiException("Unexpected ReCodEx API response from extension token endpoint.");
         }
 
@@ -255,6 +257,7 @@ public function refreshToken(): array
         Debugger::log('ReCodEx::refreshToken()', Debugger::DEBUG);
         $body = $this->post('login/refresh');
         if (!is_array($body) || empty($body['accessToken']) || empty($body['user'])) {
+            Debugger::log($body, Debugger::DEBUG);
             throw new RecodexApiException("Unexpected ReCodEx API response from token refresh endpoint.");
         }
 

app/presenters/LoginPresenter.php

@@ -54,7 +54,6 @@ private function finalizeLogin(User $user, string $token): void
     {
         // part of the token is stored in the database, suffix goes into our token (payload)
         $tokenSuffix = $user->setRecodexToken($token);
-        $user->updatedNow();
         $this->users->persist($user);
 
         // generate our token for our frontend
@@ -100,6 +99,7 @@ public function actionDefault()
         } else {
             $recodexUser->updateUser($user);
         }
+        $user->updatedNow();
 
         $this->finalizeLogin($user, $recodexResponse['accessToken']);
     }
@@ -127,13 +127,27 @@ public function checkRefresh()
      */
     public function actionRefresh()
     {
+        // We need to inject the token manually here (this class is not derived from BasePresenterWithApi)
+        $user = $this->getCurrentUser();
+        $prefix = $user->getRecodexToken();
+        $suffix = $this->getAccessToken()->getPayloadOrDefault('suffix', null);
+
+        if (!$prefix || !$suffix) {
+            throw new ForbiddenRequestException("Cannot refresh token - user does not have a ReCodEx token.");
+        }
+
+        // Call ReCodEx API to refresh the token
+        $this->recodexApi->setAuthToken($prefix . $suffix);
         $recodexResponse = $this->recodexApi->refreshToken();
         /** @var RecodexUser */
         $recodexUser = $recodexResponse['user'];
 
-        // Update the user entity with new info from ReCodEx.
-        $user = $this->users->findOrThrow($recodexUser->getId());
-        $recodexUser->updateUser($user);
+        // Update the user entity if the token uses the same identity as the user
+        // (token may use identity override, in which case we do not want to update the user)
+        if ($recodexUser->getId() === $user->getId()) {
+            $recodexUser->updateUser($user);
+            $user->updatedNow();
+        }
 
         $this->finalizeLogin($user, $recodexResponse['accessToken']);
     }