Fixed bug with empty refresh token after refresh

pkirilin · Jan 20, 2024 · ded4016 · ded4016
1 parent 9108230
commit ded4016
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 13 deletions.
diff --git a/src/backend/src/FoodDiary.Application/Auth/GetStatus/GetStatusRequestHandler.cs b/src/backend/src/FoodDiary.Application/Auth/GetStatus/GetStatusRequestHandler.cs
@@ -46,16 +46,16 @@ public async Task<GetStatusResult> Handle(GetStatusRequest request, Cancellation
 
         logger.LogInformation("Access token for user {UserEmail} expired. Attempting to refresh token...", userEmail);
 
-        var accessToken = request.AuthResult.Properties.GetTokenValue(Constants.OpenIdConnectParameters.AccessToken);
-        var refreshToken = request.AuthResult.Properties.GetTokenValue(Constants.OpenIdConnectParameters.RefreshToken);
+        var existingAccessToken = request.AuthResult.Properties.GetTokenValue(Constants.OpenIdConnectParameters.AccessToken);
+        var existingRefreshToken = request.AuthResult.Properties.GetTokenValue(Constants.OpenIdConnectParameters.RefreshToken);
 
-        if (string.IsNullOrWhiteSpace(accessToken) || string.IsNullOrWhiteSpace(refreshToken))
+        if (string.IsNullOrWhiteSpace(existingAccessToken) || string.IsNullOrWhiteSpace(existingRefreshToken))
         {
             logger.LogInformation("Access and/or refresh tokens for user {UserEmail} were not found", userEmail);
             return await NotAuthenticated();
         }
 
-        var refreshTokenResult = await oAuthClient.RefreshToken(refreshToken, cancellationToken);
+        var refreshTokenResult = await oAuthClient.RefreshToken(existingRefreshToken, cancellationToken);
 
         if (refreshTokenResult is not RefreshTokenResult.Success refreshTokenResponse)
         {
@@ -75,7 +75,7 @@ public async Task<GetStatusResult> Handle(GetStatusRequest request, Cancellation
             return await NotAuthenticated();
         }
 
-        var tokens = CreateNewTokens(refreshTokenResponse);
+        var tokens = CreateNewTokens(refreshTokenResponse, existingRefreshToken);
 
         return await AuthenticatedWithNewTokens(request.AuthResult, tokens, userEmail);
     }
@@ -113,7 +113,9 @@ await httpContextAccessor.HttpContext.SignInAsync(
         return new GetStatusResult.Authenticated();
     }
 
-    private IEnumerable<AuthenticationToken> CreateNewTokens(RefreshTokenResult.Success refreshTokenResponse)
+    private IEnumerable<AuthenticationToken> CreateNewTokens(
+        RefreshTokenResult.Success refreshTokenResponse,
+        string existingRefreshToken)
     {
         var expiresAt = timeProvider.GetUtcNow() + TimeSpan.FromSeconds(refreshTokenResponse.ExpiresIn);
 
@@ -134,7 +136,7 @@ private IEnumerable<AuthenticationToken> CreateNewTokens(RefreshTokenResult.Succ
             new AuthenticationToken
             {
                 Name = Constants.OpenIdConnectParameters.RefreshToken,
-                Value = refreshTokenResponse.RefreshToken
+                Value = existingRefreshToken
             },
 
             new AuthenticationToken

diff --git a/src/backend/src/FoodDiary.Application/Auth/GetStatus/IOAuthClient.cs b/src/backend/src/FoodDiary.Application/Auth/GetStatus/IOAuthClient.cs
@@ -15,8 +15,6 @@ public record Success(
         string AccessToken,
         [property: JsonPropertyName("id_token")]
         string IdToken,
-        [property: JsonPropertyName("refresh_token")]
-        string RefreshToken,
         [property: JsonPropertyName("token_type")]
         string TokenType,
         [property: JsonPropertyName("expires_in")]
@@ -33,7 +31,7 @@ public record Success : GetUserInfoResult;
 
 public interface IOAuthClient
 {
-    Task<RefreshTokenResult> RefreshToken(string currentRefreshToken, CancellationToken cancellationToken);
+    Task<RefreshTokenResult> RefreshToken(string refreshToken, CancellationToken cancellationToken);
 
     Task<GetUserInfoResult> GetUserInfo(string accessToken, CancellationToken cancellationToken);
 }
diff --git a/src/backend/src/FoodDiary.Infrastructure/Integrations/Google/GoogleOAuthClient.cs b/src/backend/src/FoodDiary.Infrastructure/Integrations/Google/GoogleOAuthClient.cs
@@ -12,14 +12,14 @@ namespace FoodDiary.Infrastructure.Integrations.Google;
 
 public class GoogleOAuthClient(HttpClient httpClient, IOptions<GoogleAuthOptions> options) : IOAuthClient
 {
-    public async Task<RefreshTokenResult> RefreshToken(string currentRefreshToken, CancellationToken cancellationToken)
+    public async Task<RefreshTokenResult> RefreshToken(string refreshToken, CancellationToken cancellationToken)
     {
         var formValues = new List<KeyValuePair<string, string>>
         {
             new("grant_type", "refresh_token"),
             new("client_id", options.Value.ClientId),
             new("client_secret", options.Value.ClientSecret),
-            new("refresh_token", currentRefreshToken),
+            new("refresh_token", refreshToken),
             new("scope", $"{Constants.AuthenticationScopes.Openid} " +
                          $"{Constants.AuthenticationScopes.Profile} " +
                          $"{Constants.AuthenticationScopes.Email} " +

diff --git a/.../tests/FoodDiary.ComponentTests/Infrastructure/ExternalServices/GoogleIdentityProvider.cs b/.../tests/FoodDiary.ComponentTests/Infrastructure/ExternalServices/GoogleIdentityProvider.cs
@@ -24,7 +24,6 @@ public Task SetupAccessTokenSuccessfullyRefreshed()
             {
                 access_token = "new_fake_access_token",
                 expires_in = 3599,
-                refresh_token = "new_fake_refresh_token",
                 scope = $"{Constants.AuthenticationScopes.Openid} " +
                         $"{Constants.AuthenticationScopes.GoogleProfile} " +
                         $"{Constants.AuthenticationScopes.GoogleEmail} " +