Merge pull request #320 from supertokens/session-fix

fix: session fix

Author: rishabhpoddar

CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.12.10] - 2023-07-31
+
+- Fixes error handling with regenerate access token when the access token of the session is revoked.
+- Fixes payload in get session when the  access token version <= 2
+
 ## [0.12.9] - 2023-07-26
 
 - Fixes an issue where updating the user's password from the user management dashboard would result in a crash when using the thirdpartyemailpassword recipe (https://github.com/supertokens/supertokens-golang/issues/311)

recipe/session/recipeImplementation.go

@@ -20,14 +20,15 @@ import (
 	"encoding/json"
 	defaultErrors "errors"
 	"fmt"
+	"reflect"
+	"sync"
+	"time"
+
 	"github.com/MicahParks/keyfunc"
 	"github.com/supertokens/supertokens-golang/recipe/session/claims"
 	"github.com/supertokens/supertokens-golang/recipe/session/errors"
 	"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
 	"github.com/supertokens/supertokens-golang/supertokens"
-	"reflect"
-	"sync"
-	"time"
 )
 
 var protectedProps = []string{
@@ -126,7 +127,8 @@ func getJWKS() (*keyfunc.JWKS, error) {
 	return nil, lastError
 }
 
-/**
+/*
+*
 This function fetches all JWKs from the first available core instance. This combines the other JWKS functions to become
 error resistant.
 
@@ -251,16 +253,20 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 		supertokens.LogDebugMessage("getSession: Success!")
 		var payload map[string]interface{}
 
-		if !reflect.DeepEqual(response.AccessToken, sessmodels.CreateOrRefreshAPIResponseToken{}) {
-			parsedToken, parseErr := ParseJWTWithoutSignatureVerification(response.AccessToken.Token)
+		if accessToken.Version >= 3 {
+			if !reflect.DeepEqual(response.AccessToken, sessmodels.CreateOrRefreshAPIResponseToken{}) {
+				parsedToken, parseErr := ParseJWTWithoutSignatureVerification(response.AccessToken.Token)
 
-			if parseErr != nil {
-				return nil, parseErr
-			}
+				if parseErr != nil {
+					return nil, parseErr
+				}
 
-			payload = parsedToken.Payload
+				payload = parsedToken.Payload
+			} else {
+				payload = accessToken.Payload
+			}
 		} else {
-			payload = accessToken.Payload
+			payload = response.Session.UserDataInAccessToken
 		}
 
 		accessTokenStringForSession := *accessTokenString

recipe/session/session.go

@@ -157,14 +157,13 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 			}
 		}
 
-		querier, err := supertokens.GetNewQuerierInstanceOrThrowError("")
+		response, err := (*session.recipeImpl.RegenerateAccessToken)(sessionContainer.GetAccessToken(), &accessTokenPayload, userContext)
+
 		if err != nil {
 			return err
 		}
 
-		response, err := regenerateAccessTokenHelper(*querier, &accessTokenPayload, sessionContainer.GetAccessToken())
-
-		if err != nil {
+		if response == nil {
 			supertokens.LogDebugMessage(fmt.Sprintf("MergeIntoAccessTokenPayloadWithContext: Returning UnauthorizedError because we could not regenerate the session - %s", err))
 			return errors.UnauthorizedError{
 				Msg: errors.UnauthorizedErrorStr,

recipe/session/session_test.go

@@ -26,6 +26,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/supertokens/supertokens-golang/recipe/session/errors"
 	"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
 	"github.com/supertokens/supertokens-golang/supertokens"
 	"github.com/supertokens/supertokens-golang/test/unittesting"
@@ -2075,6 +2076,44 @@ func TestThatGetSessionThrowsWIthDynamicKeysIfSessionWasCreatedWithStaticKeys(t
 	assert.Equal(t, err.Error(), "The access token doesn't match the useDynamicAccessTokenSigningKey setting")
 }
 
+func TestThatRevokedAccessTokenThrowsUnauthorisedErrorWhenRegenerateTokenIsCalled(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			APIDomain:     "api.supertokens.io",
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			Init(nil),
+		},
+	}
+
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	sessionContainer, err := CreateNewSessionWithoutRequestResponse("testing-user", map[string]interface{}{}, map[string]interface{}{}, nil)
+	if err != nil {
+		t.Error(err.Error())
+	}
+	_, err = RevokeSession(sessionContainer.GetHandle())
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	err = sessionContainer.MergeIntoAccessTokenPayload(map[string]interface{}{"key": "value"})
+	assert.NotNil(t, err)
+	_, ok := err.(errors.UnauthorizedError)
+	assert.True(t, ok)
+}
+
 func jwksLockTestRoutine(t *testing.T, shouldStop *bool, index int, group *sync.WaitGroup, doPost func([]string)) {
 	jwks, err := GetCombinedJWKS()
 	if err != nil {

supertokens/constants.go

@@ -21,7 +21,7 @@ const (
 )
 
 // VERSION current version of the lib
-const VERSION = "0.12.9"
+const VERSION = "0.12.10"
 
 var (
 	cdiSupported = []string{"2.21"}