fix: refresh token login method claim

lakhansamani · lakhansamani · commit 307c6f7d15d9 · 2022-11-04T01:40:18.000+05:30
diff --git a/server/handlers/token.go b/server/handlers/token.go
@@ -167,7 +167,7 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}
 			userID = claims["sub"].(string)
-			loginMethod := claims["login_method"]
+			claimLoginMethod := claims["login_method"]
 			rolesInterface := claims["roles"].([]interface{})
 			scopeInterface := claims["scope"].([]interface{})
 			for _, v := range rolesInterface {
@@ -178,9 +178,11 @@ func TokenHandler() gin.HandlerFunc {
 			}
 
 			sessionKey = userID
-			if loginMethod != nil && loginMethod != "" {
-				sessionKey = loginMethod.(string) + ":" + sessionKey
+			if claimLoginMethod != nil && claimLoginMethod != "" {
+				sessionKey = claimLoginMethod.(string) + ":" + sessionKey
+				loginMethod = claimLoginMethod.(string)
 			}
+
 			// remove older refresh token and rotate it for security
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))
 		}
@@ -213,6 +215,7 @@ func TokenHandler() gin.HandlerFunc {
 			})
 			return
 		}
+
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 		cookie.SetSession(gc, authToken.FingerPrintHash)
diff --git a/server/token/auth_token.go b/server/token/auth_token.go
@@ -256,7 +256,6 @@ func ValidateRefreshToken(gc *gin.Context, refreshToken string) (map[string]inte
 	if loginMethod != nil && loginMethod != "" {
 		sessionKey = loginMethod.(string) + ":" + userID
 	}
-
 	token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce)
 	if nonce == "" || err != nil {
 		return res, fmt.Errorf(`unauthorized`)

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ func TokenHandler() gin.HandlerFunc {`
`167`	`167`	`return`
`168`	`168`	`}`
`169`	`169`	`userID = claims["sub"].(string)`
`170`		`- loginMethod := claims["login_method"]`
	`170`	`+ claimLoginMethod := claims["login_method"]`
`171`	`171`	`rolesInterface := claims["roles"].([]interface{})`
`172`	`172`	`scopeInterface := claims["scope"].([]interface{})`
`173`	`173`	`for _, v := range rolesInterface {`
`@@ -178,9 +178,11 @@ func TokenHandler() gin.HandlerFunc {`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`sessionKey = userID`
`181`		`- if loginMethod != nil && loginMethod != "" {`
`182`		`- sessionKey = loginMethod.(string) + ":" + sessionKey`
	`181`	`+ if claimLoginMethod != nil && claimLoginMethod != "" {`
	`182`	`+ sessionKey = claimLoginMethod.(string) + ":" + sessionKey`
	`183`	`+ loginMethod = claimLoginMethod.(string)`
`183`	`184`	`}`
	`185`	`+`
`184`	`186`	`// remove older refresh token and rotate it for security`
`185`	`187`	`go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))`
`186`	`188`	`}`
`@@ -213,6 +215,7 @@ func TokenHandler() gin.HandlerFunc {`
`213`	`215`	`})`
`214`	`216`	`return`
`215`	`217`	`}`
	`218`	`+`
`216`	`219`	`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)`
`217`	`220`	`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)`
`218`	`221`	`cookie.SetSession(gc, authToken.FingerPrintHash)`
Original file line number	Diff line number	Diff line change
`@@ -256,7 +256,6 @@ func ValidateRefreshToken(gc *gin.Context, refreshToken string) (map[string]inte`
`256`	`256`	`if loginMethod != nil && loginMethod != "" {`
`257`	`257`	`sessionKey = loginMethod.(string) + ":" + userID`
`258`	`258`	`}`
`259`		`-`
`260`	`259`	`token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce)`
`261`	`260`	`if nonce == "" \|\| err != nil {`
`262`	`261`	return res, fmt.Errorf(`unauthorized`)