Skip to content

Commit

Permalink
Check that provider callback exists before refreshing tokens
Browse files Browse the repository at this point in the history
  • Loading branch information
@joelbutcher
joelbutcher committed Sep 12, 2023
1 parent 006612b commit 51df430
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/HasOauth2Tokens.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ protected function token(): Attribute
*/
public function canRefreshToken(): bool
{
$provider = $this->getAttribute('provider');

if (! (Socialstream::$refreshTokenResolvers[$provider] ?? null)) {
return false;
}

return $this->hasExpiredToken() && $this->hasRefreshToken();
}

Expand Down
20 changes: 20 additions & 0 deletions tests/Unit/RefreshesOauthTokensTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,3 +109,23 @@
$this->assertNotEquals('new-refresh-token', $connectedAccount->refresh_token);
$this->assertEquals(null, $connectedAccount->secret);
});

it('does not allow refreshing tokens if a callback does not exist', function () {
$this->migrate();

$providerUser = new OAuth2User;
$providerUser->id = '1234567890';
$providerUser->name = 'Joel Butcher';
$providerUser->email = 'joel@socialstream.com';
$providerUser->token = Str::random(64);
$providerUser->refreshToken = Str::random(64);
$providerUser->expiresIn = 0;

sleep(1);

$createAction = new CreateUserFromProvider(new CreateConnectedAccount);
$user = $createAction->create('custom-provider', $providerUser);
$connectedAccount = $user->currentConnectedAccount;

$this->assertFalse($connectedAccount->canRefreshToken());
});

0 comments on commit 51df430

Please sign in to comment.