mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-07-24 04:50:40 +00:00
Remove duplicate expiration check, add a log
This commit is contained in:
Timshel
parent
8105ed9e23
commit
93753b4a67
2 changed files with 9 additions and 12 deletions
|
|
@ -53,7 +53,7 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
|
|||
let login_result = match data.grant_type.as_ref() {
|
||||
"refresh_token" => {
|
||||
_check_is_some(&data.refresh_token, "refresh_token cannot be blank")?;
|
||||
_refresh_login(data, &mut conn).await
|
||||
_refresh_login(data, &mut conn, &client_header.ip).await
|
||||
}
|
||||
"password" if CONFIG.sso_enabled() && CONFIG.sso_only() => err!("SSO sign-in is required"),
|
||||
"password" => {
|
||||
|
|
@ -124,7 +124,7 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
|
|||
}
|
||||
|
||||
// Return Status::Unauthorized to trigger logout
|
||||
async fn _refresh_login(data: ConnectData, conn: &mut DbConn) -> JsonResult {
|
||||
async fn _refresh_login(data: ConnectData, conn: &mut DbConn, ip: &ClientIp) -> JsonResult {
|
||||
// Extract token
|
||||
let refresh_token = match data.refresh_token {
|
||||
Some(token) => token,
|
||||
|
|
@ -137,7 +137,7 @@ async fn _refresh_login(data: ConnectData, conn: &mut DbConn) -> JsonResult {
|
|||
// See: https://github.com/dani-garcia/vaultwarden/issues/4156
|
||||
// ---
|
||||
// let members = Membership::find_confirmed_by_user(&user.uuid, conn).await;
|
||||
match auth::refresh_tokens(&refresh_token, conn).await {
|
||||
match auth::refresh_tokens(ip, &refresh_token, conn).await {
|
||||
Err(err) => {
|
||||
err_code!(format!("Unable to refresh login credentials: {}", err.message()), Status::Unauthorized.code)
|
||||
}
|
||||
|
|
|
|||
15
src/auth.rs
15
src/auth.rs
|
|
@ -112,7 +112,7 @@ pub fn decode_jwt<T: DeserializeOwned>(token: &str, issuer: String) -> Result<T,
|
|||
ErrorKind::InvalidToken => err!("Token is invalid"),
|
||||
ErrorKind::InvalidIssuer => err!("Issuer is invalid"),
|
||||
ErrorKind::ExpiredSignature => err!("Token has expired"),
|
||||
_ => err!("Error decoding JWT"),
|
||||
_ => err!(format!("Error decoding JWT: {:?}", err)),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
@ -1177,11 +1177,12 @@ impl AuthTokens {
|
|||
}
|
||||
}
|
||||
|
||||
pub async fn refresh_tokens(refresh_token: &str, conn: &mut DbConn) -> ApiResult<(Device, AuthTokens)> {
|
||||
let time_now = Utc::now();
|
||||
|
||||
pub async fn refresh_tokens(ip: &ClientIp, refresh_token: &str, conn: &mut DbConn) -> ApiResult<(Device, AuthTokens)> {
|
||||
let refresh_claims = match decode_refresh(refresh_token) {
|
||||
Err(err) => err_silent!(format!("Impossible to read refresh_token: {}", err.message())),
|
||||
Err(err) => {
|
||||
debug!("Failed to decode {} refresh_token: {refresh_token}", ip.ip);
|
||||
err_silent!(format!("Impossible to read refresh_token: {}", err.message()))
|
||||
}
|
||||
Ok(claims) => claims,
|
||||
};
|
||||
|
||||
|
|
@ -1199,10 +1200,6 @@ pub async fn refresh_tokens(refresh_token: &str, conn: &mut DbConn) -> ApiResult
|
|||
Some(user) => user,
|
||||
};
|
||||
|
||||
if refresh_claims.exp < time_now.timestamp() {
|
||||
err!("Expired refresh token");
|
||||
}
|
||||
|
||||
let auth_tokens = match refresh_claims.sub {
|
||||
AuthMethod::Sso if CONFIG.sso_enabled() && CONFIG.sso_auth_only_not_session() => {
|
||||
AuthTokens::new(&device, &user, refresh_claims.sub)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue