|
|
@ -1175,7 +1175,7 @@ impl AuthTokens { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
// Create refresh_token and access_token with default validity
|
|
|
// Create refresh_token and access_token with default validity
|
|
|
pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option<String>) -> Self { |
|
|
pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option<String>, existing_refresh_claims: Option<&RefreshJwtClaims>) -> Self { |
|
|
let time_now = Utc::now(); |
|
|
let time_now = Utc::now(); |
|
|
|
|
|
|
|
|
let access_claims = LoginJwtClaims::default(device, user, &sub, client_id); |
|
|
let access_claims = LoginJwtClaims::default(device, user, &sub, client_id); |
|
|
@ -1196,10 +1196,8 @@ impl AuthTokens { |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
let refresh_claims = if CONFIG.disable_refresh_token_renewal() { |
|
|
let refresh_claims = if CONFIG.disable_refresh_token_renewal() { |
|
|
match decode_refresh(&device.refresh_token) { |
|
|
// Use existing_refresh_claims if passed and config is enabled
|
|
|
Ok(original_claims) => original_claims, // reuse the original struct
|
|
|
existing_refresh_claims.cloned().unwrap_or(default_refresh_claims) |
|
|
Err(_) => default_refresh_claims, |
|
|
|
|
|
} |
|
|
|
|
|
} else { |
|
|
} else { |
|
|
default_refresh_claims |
|
|
default_refresh_claims |
|
|
}; |
|
|
}; |
|
|
@ -1241,14 +1239,14 @@ pub async fn refresh_tokens( |
|
|
|
|
|
|
|
|
let auth_tokens = match refresh_claims.sub { |
|
|
let auth_tokens = match refresh_claims.sub { |
|
|
AuthMethod::Sso if CONFIG.sso_enabled() && CONFIG.sso_auth_only_not_session() => { |
|
|
AuthMethod::Sso if CONFIG.sso_enabled() && CONFIG.sso_auth_only_not_session() => { |
|
|
AuthTokens::new(&device, &user, refresh_claims.sub, client_id) |
|
|
AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims) |
|
|
} |
|
|
} |
|
|
AuthMethod::Sso if CONFIG.sso_enabled() => { |
|
|
AuthMethod::Sso if CONFIG.sso_enabled() => { |
|
|
sso::exchange_refresh_token(&device, &user, client_id, refresh_claims).await? |
|
|
sso::exchange_refresh_token(&device, &user, client_id, refresh_claims).await? |
|
|
} |
|
|
} |
|
|
AuthMethod::Sso => err!("SSO is now disabled, Login again using email and master password"), |
|
|
AuthMethod::Sso => err!("SSO is now disabled, Login again using email and master password"), |
|
|
AuthMethod::Password if CONFIG.sso_enabled() && CONFIG.sso_only() => err!("SSO is now required, Login again"), |
|
|
AuthMethod::Password if CONFIG.sso_enabled() && CONFIG.sso_only() => err!("SSO is now required, Login again"), |
|
|
AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id), |
|
|
AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims), |
|
|
_ => err!("Invalid auth method, cannot refresh token"), |
|
|
_ => err!("Invalid auth method, cannot refresh token"), |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
|
Momi-V
4 weeks ago
HPPinata