Increase robustness of the refresh method

Jasper Weyne 2020-08-04 21:29:11 +02:00
parent 46388a591b
commit 6feaf25c90


@ -8,7 +8,6 @@ use Exception;
use Lcobucci\JWT\Token;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use OpenIDConnectClient\AccessToken;
use OpenIDConnectClient\Exception\InvalidTokenException;
use OpenIDConnectClient\OpenIDConnectProvider;
/**
@ -63,11 +62,20 @@ class OpenIdService extends ExternalAuthService
{
// Retrieve access token for current session
$json = session()->get('openid_token');
// If no access token was found, reject the refresh
if (!$json) {
$this->actionLogout();
return false;
}
$accessToken = new AccessToken(json_decode($json, true) ?? []);
// Check if both the access token and the ID token (if present) are unexpired
$idToken = $accessToken->getIdToken();
if (!$accessToken->hasExpired() && (!$idToken || !$idToken->isExpired())) {
$accessTokenUnexpired = $accessToken->getExpires() && !$accessToken->hasExpired();
$idTokenUnexpired = !$idToken || !$idToken->isExpired();
if ($accessTokenUnexpired && $idTokenUnexpired) {
return true;
}