devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

Implement refresh token logic with fingerprint + rotation

Browse Source
This commit is contained in:
Lakhan Samani
2022-01-23 01:24:41 +05:30
parent 0511e737ae
commit 7f18a3f634
50 changed files with 802 additions and 560 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/resolvers/update_user.go
View File

@@ -8,12 +8,14 @@ import (
"time"
"github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/cookie"
"github.com/authorizerdev/authorizer/server/db"
"github.com/authorizerdev/authorizer/server/db/models"
"github.com/authorizerdev/authorizer/server/email"
"github.com/authorizerdev/authorizer/server/envstore"
"github.com/authorizerdev/authorizer/server/graph/model"
"github.com/authorizerdev/authorizer/server/session"
"github.com/authorizerdev/authorizer/server/sessionstore"
"github.com/authorizerdev/authorizer/server/token"
"github.com/authorizerdev/authorizer/server/utils"
)
@@ -26,7 +28,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
return res, err
}
if !utils.IsSuperAdmin(gc) {
if !token.IsSuperAdmin(gc) {
return res, fmt.Errorf("unauthorized")
}
@@ -93,19 +95,19 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
return res, fmt.Errorf("user with this email address already exists")
}
session.DeleteAllUserSession(fmt.Sprintf("%v", user.ID))
utils.DeleteCookie(gc)
sessionstore.DeleteAllUserSession(fmt.Sprintf("%v", user.ID))
cookie.DeleteCookie(gc)
user.Email = newEmail
user.EmailVerifiedAt = nil
// insert verification request
verificationType := constants.VerificationTypeUpdateEmail
token, err := utils.CreateVerificationToken(newEmail, verificationType)
verificationToken, err := token.CreateVerificationToken(newEmail, verificationType)
if err != nil {
log.Println(`error generating token`, err)
}
db.Provider.AddVerificationRequest(models.VerificationRequest{
Token: token,
Token: verificationToken,
Identifier: verificationType,
ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
Email: newEmail,
@@ -113,7 +115,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
// exec it as go routin so that we can reduce the api latency
go func() {
email.SendVerificationMail(newEmail, token)
email.SendVerificationMail(newEmail, verificationToken)
}()
}
@@ -133,8 +135,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
rolesToSave = strings.Join(inputRoles, ",")
}
session.DeleteAllUserSession(fmt.Sprintf("%v", user.ID))
utils.DeleteCookie(gc)
sessionstore.DeleteAllUserSession(fmt.Sprintf("%v", user.ID))
cookie.DeleteCookie(gc)
}
if rolesToSave != "" {