Try to auto refresh on invalid and missing tokens as well

elpete · elpete · commit 02c861e15b8e · 2021-11-29T13:18:24.000-07:00
diff --git a/models/jwt/JwtService.cfc b/models/jwt/JwtService.cfc
@@ -903,23 +903,28 @@ component accessors="true" singleton threadsafe {
 		// Access Token Has Expired
 		catch ( TokenExpiredException e ) {
 			// Do we have autoRefreshValidator turned on and we have an incoming refresh token?
-			var refreshToken = discoverRefreshToken();
-			if ( variables.settings.jwt.enableAutoRefreshValidator && len( refreshToken ) ) {
-				// Try to Refresh the tokens
-				var newTokens = this.refreshToken( refreshToken );
-				// Setup payload + authenticate for current request
-				payload       = parseToken( newTokens.access_token );
-				// Send back as headers now that they are refreshed
-				variables.requestService
-					.getContext()
-					.setHTTPHeader(
-						name : variables.settings.jwt.customAuthHeader,
-						value: newTokens.access_token
-					)
-					.setHTTPHeader(
-						name : variables.settings.jwt.customRefreshHeader,
-						value: newTokens.refresh_token
-					);
+			if ( variables.settings.jwt.enableAutoRefreshValidator && len( discoverRefreshToken() ) ) {
+				autoRefreshTokens();
+			} else {
+				// Error out as normal
+				results.messages = e.type & ":" & e.message;
+				return results;
+			}
+		}
+		catch ( TokenInvalidException e ) {
+			// Do we have autoRefreshValidator turned on and we have an incoming refresh token?
+			if ( variables.settings.jwt.enableAutoRefreshValidator && len( discoverRefreshToken() ) ) {
+				autoRefreshTokens();
+			} else {
+				// Error out as normal
+				results.messages = e.type & ":" & e.message;
+				return results;
+			}
+		}
+		catch ( TokenNotFoundException e ) {
+			// Do we have autoRefreshValidator turned on and we have an incoming refresh token?
+			if ( variables.settings.jwt.enableAutoRefreshValidator && len( discoverRefreshToken() ) ) {
+				autoRefreshTokens();
 			} else {
 				// Error out as normal
 				results.messages = e.type & ":" & e.message;
@@ -952,6 +957,24 @@ component accessors="true" singleton threadsafe {
 		return results;
 	}
 
+	private function autoRefreshTokens() {
+		// Try to Refresh the tokens
+		var newTokens = this.refreshToken( discoverRefreshToken() );
+		// Setup payload + authenticate for current request
+		payload       = parseToken( newTokens.access_token );
+		// Send back as headers now that they are refreshed
+		variables.requestService
+			.getContext()
+			.setHTTPHeader(
+				name : variables.settings.jwt.customAuthHeader,
+				value: newTokens.access_token
+			)
+			.setHTTPHeader(
+				name : variables.settings.jwt.customRefreshHeader,
+				value: newTokens.refresh_token
+			);
+	}
+
 	/**
 	 * Verify if the jwt token has the appropriate scopes
 	 * @permission
diff --git a/test-harness/tests/specs/integration/JWTSpec.cfc b/test-harness/tests/specs/integration/JWTSpec.cfc
@@ -64,6 +64,17 @@ component extends="coldbox.system.testing.BaseTestCase" appMapping="/root" {
 							expect( results.messages ).toInclude( "TokenNotFoundException" );
 						} );
 					} );
+					given( "Auto refresh is on and no access token is sent but a refresh token is sent", function(){
+						then( "the validation should pass and we should return our two new tokens as headers", function(){
+							var oUser  = variables.userService.retrieveUserByUsername( "test" );
+							var tokens = variables.jwtService.fromUser( oUser );
+
+							getRequestContext().setValue( "x-refresh-token", tokens.refresh_token );
+
+							var results = variables.jwtService.validateSecurity( "" );
+							expect( results.allow ).toBeTrue();
+						} );
+					} );
 					given( "Auto refresh is on and an expired access token is sent but no refresh token is sent", function(){
 						then( "the validation should fail", function(){
 							getRequestContext().setValue( "x-auth-token", variables.expired_token );
