BUG#AC-9337:Revoking or invalidating previous access tokens upon generating new access token

Rachana · Rachana · commit 35e6249e67a9 · 2024-04-29T22:56:19.000-07:00
diff --git a/app/code/Magento/Integration/Model/CustomerTokenService.php b/app/code/Magento/Integration/Model/CustomerTokenService.php
@@ -58,6 +58,7 @@ public function createCustomerAccessToken($username, $password)
         $this->getRequestThrottler()->throttle($username, RequestThrottler::USER_TYPE_CUSTOMER);
         try {
             $customerDataObject = $this->accountManagement->authenticate($username, $password);
+            $this->revokeCustomerAccessToken($customerDataObject->getId());
         } catch (EmailNotConfirmedException $exception) {
             $this->getRequestThrottler()->logAuthenticationFailure($username, RequestThrottler::USER_TYPE_CUSTOMER);
             throw $exception;
diff --git a/app/code/Magento/JwtUserToken/Model/Revoker.php b/app/code/Magento/JwtUserToken/Model/Revoker.php
@@ -36,7 +36,7 @@ public function revokeFor(UserContextInterface $userContext): void
     {
         //Invalidating all tokens issued before current datetime.
         $this->revokedRepo->saveRevoked(
-            new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time())
+            new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time()-1)
         );
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ public function revokeFor(UserContextInterface $userContext): void`
`36`	`36`	`{`
`37`	`37`	`//Invalidating all tokens issued before current datetime.`
`38`	`38`	`$this->revokedRepo->saveRevoked(`
`39`		`- new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time())`
	`39`	`+ new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time()-1)`
`40`	`40`	`);`
`41`	`41`	`}`
`42`	`42`	`}`