Fixed missing refresh token scopes

pkirilin · Jan 18, 2024 · bf2cc46 · bf2cc46
1 parent 0888e06
commit bf2cc46
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 34 deletions.
diff --git a/src/backend/src/FoodDiary.API/Startup.cs b/src/backend/src/FoodDiary.API/Startup.cs
@@ -68,11 +68,11 @@ public void ConfigureServices(IServiceCollection services)
                 options.SaveTokens = true;
                 options.AccessType = "offline";
                 options.ReturnUrlParameter = "returnUrl";
-                options.Scope.Add("openid");
-                options.Scope.Add("profile");
-                options.Scope.Add("email");
-                options.Scope.Add("https://www.googleapis.com/auth/documents");
-                options.Scope.Add("https://www.googleapis.com/auth/drive");
+                options.Scope.Add(Constants.AuthenticationScopes.Openid);
+                options.Scope.Add(Constants.AuthenticationScopes.Profile);
+                options.Scope.Add(Constants.AuthenticationScopes.Email);
+                options.Scope.Add(Constants.AuthenticationScopes.GoogleDocs);
+                options.Scope.Add(Constants.AuthenticationScopes.GoogleDrive);
             });
 
         services.AddAuthorization(options =>

diff --git a/src/backend/src/FoodDiary.Constants/Constants.cs b/src/backend/src/FoodDiary.Constants/Constants.cs
@@ -8,6 +8,17 @@ public static class AuthenticationSchemes
         public const string Cookie = "fd-auth";
     }
 
+    public static class AuthenticationScopes
+    {
+        public const string Openid = "openid";
+        public const string Profile = "profile";
+        public const string Email = "email";
+        public const string GoogleProfile = "https://www.googleapis.com/auth/userinfo.profile";
+        public const string GoogleEmail = "https://www.googleapis.com/auth/userinfo.email";
+        public const string GoogleDocs = "https://www.googleapis.com/auth/documents";
+        public const string GoogleDrive = "https://www.googleapis.com/auth/drive";
+    }
+
     public static class AuthenticationParameters
     {
         public static readonly TimeSpan CookieLifetime = TimeSpan.FromDays(7);

diff --git a/src/backend/src/FoodDiary.Infrastructure/Integrations/Google/GoogleOAuthClient.cs b/src/backend/src/FoodDiary.Infrastructure/Integrations/Google/GoogleOAuthClient.cs
@@ -10,34 +10,29 @@
 
 namespace FoodDiary.Infrastructure.Integrations.Google;
 
-public class GoogleOAuthClient : IOAuthClient
+public class GoogleOAuthClient(HttpClient httpClient, IOptions<GoogleAuthOptions> options) : IOAuthClient
 {
-    private readonly HttpClient _httpClient;
-    private readonly IOptions<GoogleAuthOptions> _options;
-
-    public GoogleOAuthClient(HttpClient httpClient, IOptions<GoogleAuthOptions> options)
-    {
-        _httpClient = httpClient;
-        _options = options;
-    }
-
     public async Task<RefreshTokenResult> RefreshToken(string currentRefreshToken, CancellationToken cancellationToken)
     {
         var formValues = new List<KeyValuePair<string, string>>
         {
             new("grant_type", "refresh_token"),
-            new("client_id", _options.Value.ClientId),
-            new("client_secret", _options.Value.ClientSecret),
+            new("client_id", options.Value.ClientId),
+            new("client_secret", options.Value.ClientSecret),
             new("refresh_token", currentRefreshToken),
-            new("scope", "openid profile email")
+            new("scope", $"{Constants.AuthenticationScopes.Openid} " +
+                         $"{Constants.AuthenticationScopes.Profile} " +
+                         $"{Constants.AuthenticationScopes.Email} " +
+                         $"{Constants.AuthenticationScopes.GoogleDocs} " +
+                         $"{Constants.AuthenticationScopes.GoogleDrive}")
         };
 
-        var request = new HttpRequestMessage(HttpMethod.Post, _options.Value.TokenEndpoint)
+        var request = new HttpRequestMessage(HttpMethod.Post, options.Value.TokenEndpoint)
         {
             Content = new FormUrlEncodedContent(formValues)
         };
 
-        var response = await _httpClient.SendAsync(request, cancellationToken);
+        var response = await httpClient.SendAsync(request, cancellationToken);
 
         if (!response.IsSuccessStatusCode)
         {
@@ -51,15 +46,15 @@ public async Task<RefreshTokenResult> RefreshToken(string currentRefreshToken, C
 
     public async Task<GetUserInfoResult> GetUserInfo(string accessToken, CancellationToken cancellationToken)
     {
-        var request = new HttpRequestMessage(HttpMethod.Get, _options.Value.UserInformationEndpoint)
+        var request = new HttpRequestMessage(HttpMethod.Get, options.Value.UserInformationEndpoint)
         {
             Headers =
             {
                 Authorization = new AuthenticationHeaderValue("Bearer", accessToken)
             }
         };
 
-        var response = await _httpClient.SendAsync(request, cancellationToken);
+        var response = await httpClient.SendAsync(request, cancellationToken);
 
         if (!response.IsSuccessStatusCode)
         {

diff --git a/.../tests/FoodDiary.ComponentTests/Infrastructure/ExternalServices/GoogleIdentityProvider.cs b/.../tests/FoodDiary.ComponentTests/Infrastructure/ExternalServices/GoogleIdentityProvider.cs
@@ -6,41 +6,38 @@
 
 namespace FoodDiary.ComponentTests.Infrastructure.ExternalServices;
 
-public class GoogleIdentityProvider
+public class GoogleIdentityProvider(IClient mountebankClient)
 {
-    private readonly IClient _mountebankClient;
-
-    public GoogleIdentityProvider(IClient mountebankClient)
-    {
-        _mountebankClient = mountebankClient;
-    }
-
     public const int Port = 4545;
 
     public Task Start()
     {
         var imposter = new HttpImposter(Port, nameof(GoogleIdentityProvider), new HttpImposterOptions());
-        return _mountebankClient.OverwriteAllImposters([imposter]);
+        return mountebankClient.OverwriteAllImposters([imposter]);
     }
 
     public Task SetupAccessTokenSuccessfullyRefreshed()
     {
-        return _mountebankClient.AddHttpImposterStubAsync(Port, new HttpStub()
+        return mountebankClient.AddHttpImposterStubAsync(Port, new HttpStub()
             .OnPathAndMethodEqual("/token", Method.Post)
             .ReturnsJson(HttpStatusCode.OK, new
             {
                 access_token = "new_fake_access_token",
                 expires_in = 3599,
                 refresh_token = "new_fake_refresh_token",
-                scope = "openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+                scope = $"{Constants.AuthenticationScopes.Openid} " +
+                        $"{Constants.AuthenticationScopes.GoogleProfile} " +
+                        $"{Constants.AuthenticationScopes.GoogleEmail} " +
+                        $"{Constants.AuthenticationScopes.GoogleDocs} " +
+                        $"{Constants.AuthenticationScopes.GoogleDrive}",
                 token_type = "Bearer",
                 id_token = "new_fake_id_token"
             }));
     }
 
     public Task SetupUserInfoSuccessfullyReceived()
     {
-        return _mountebankClient.AddHttpImposterStubAsync(Port, new HttpStub()
+        return mountebankClient.AddHttpImposterStubAsync(Port, new HttpStub()
             .OnPathAndMethodEqual("/userinfo", Method.Get)
             .ReturnsJson(HttpStatusCode.OK, new {}));
     }