#1088 fix refresh token issue

Thomasr · ludomikula · commit 032d2e78fcfe · 2024-09-10T10:29:00.000+02:00
- update activeauthtoken when first login
- only update accesstoken and expirein when refreshing
- check if refresh token is empty
diff --git a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/UserServiceImpl.java b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/UserServiceImpl.java
@@ -210,7 +210,10 @@ public Mono<Boolean> bindEmail(User user, String email) {
     @Override
     public Mono<Boolean> addNewConnection(String userId, Connection connection) {
         return findById(userId)
-                .doOnNext(user -> user.getConnections().add(connection))
+                .doOnNext(user -> {
+                    user.getConnections().add(connection);
+                    user.setActiveAuthId(connection.getAuthId());
+                })
                 .flatMap(repository::save)
                 .then(Mono.just(true));
     }
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/request/AbstractOauth2Request.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/request/AbstractOauth2Request.java
@@ -39,7 +39,11 @@ public Mono<AuthUser> auth(AuthRequestContext authRequestContext) {
 
     public Mono<AuthUser> refresh(String refreshToken) {
         return refreshAuthToken(refreshToken)
-                .flatMap(authToken -> getAuthUser(authToken).doOnNext(authUser -> authUser.setAuthToken(authToken)))
+                .flatMap(authToken -> getAuthUser(authToken).doOnNext(authUser -> {
+                    assert authUser.getAuthToken() != null;
+                    authUser.getAuthToken().setAccessToken(authToken.getAccessToken());
+                    authUser.getAuthToken().setExpireIn(authToken.getExpireIn());
+                }))
                 .onErrorResume(throwable -> {
                     log.error("failed to refresh token: ", throwable);
                     return deferredError(FAIL_TO_GET_OIDC_INFO, "FAIL_TO_GET_OIDC_INFO", throwable.getMessage());
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/filter/UserSessionPersistenceFilter.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/filter/UserSessionPersistenceFilter.java
@@ -2,6 +2,7 @@
 
 import jakarta.annotation.Nonnull;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang3.tuple.Triple;
 import org.lowcoder.api.authentication.request.AuthRequest;
 import org.lowcoder.api.authentication.request.AuthRequestFactory;
@@ -128,6 +129,10 @@ private Mono<User> refreshOauthToken(Triple<User, Connection, String> triple) {
                         return Mono.just(user);
                     }
                     try {
+                        if (StringUtils.isEmpty(connection.getAuthConnectionAuthToken().getRefreshToken())) {
+                            log.error("Refresh token is empty");
+                            throw new Exception("Refresh token is empty");
+                        }
                         AuthUser authUser = authRequest.refresh(connection.getAuthConnectionAuthToken().getRefreshToken()).block();
                         authUser.setAuthContext(oAuth2RequestContext);
                         authenticationApiService.updateConnection(authUser, user);
