topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

pass original refresh_claim into renewal function

pull/6433/head
Momi-V 4 weeks ago
committed by HPPinata
parent
e38a5fc0bb
commit
aea2b84de9
1 changed files with 5 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      src/auth.rs

12
src/auth.rs
View File

@ -1175,7 +1175,7 @@ impl AuthTokens {
}
// Create refresh_token and access_token with default validity
pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option<String>) -> Self {
pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option<String>, existing_refresh_claims: Option<&RefreshJwtClaims>) -> Self {
let time_now = Utc::now();
let access_claims = LoginJwtClaims::default(device, user, &sub, client_id);
@ -1196,10 +1196,8 @@ impl AuthTokens {
};
let refresh_claims = if CONFIG.disable_refresh_token_renewal() {
match decode_refresh(&device.refresh_token) {
Ok(original_claims) => original_claims, // reuse the original struct
Err(_) => default_refresh_claims,
}
// Use existing_refresh_claims if passed and config is enabled
existing_refresh_claims.cloned().unwrap_or(default_refresh_claims)
} else {
default_refresh_claims
};
@ -1241,14 +1239,14 @@ pub async fn refresh_tokens(
let auth_tokens = match refresh_claims.sub {
AuthMethod::Sso if CONFIG.sso_enabled() && CONFIG.sso_auth_only_not_session() => {
AuthTokens::new(&device, &user, refresh_claims.sub, client_id)
AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims)
}
AuthMethod::Sso if CONFIG.sso_enabled() => {
sso::exchange_refresh_token(&device, &user, client_id, refresh_claims).await?
}
AuthMethod::Sso => err!("SSO is now disabled, Login again using email and master password"),
AuthMethod::Password if CONFIG.sso_enabled() && CONFIG.sso_only() => err!("SSO is now required, Login again"),
AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id),
AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims),
_ => err!("Invalid auth method, cannot refresh token"),
};

Write Preview
Loading…
Cancel
Save