Browse Source
Try old refresh token if we fail to decode jwt
pull/6629/head
Daniel García
2 weeks ago
No known key found for this signature in database
GPG Key ID: FC8A7D14C3CD543A
1 changed files with
14 additions and
2 deletions
-
src/auth.rs
|
|
@ -1210,8 +1210,20 @@ pub async fn refresh_tokens( |
|
|
) -> ApiResult<(Device, AuthTokens)> { |
|
|
) -> ApiResult<(Device, AuthTokens)> { |
|
|
let refresh_claims = match decode_refresh(refresh_token) { |
|
|
let refresh_claims = match decode_refresh(refresh_token) { |
|
|
Err(err) => { |
|
|
Err(err) => { |
|
|
debug!("Failed to decode {} refresh_token: {refresh_token}", ip.ip); |
|
|
error!("Failed to decode {} refresh_token: {refresh_token}: {err:?}", ip.ip); |
|
|
err_silent!(format!("Impossible to read refresh_token: {}", err.message())) |
|
|
//err_silent!(format!("Impossible to read refresh_token: {}", err.message()))
|
|
|
|
|
|
|
|
|
|
|
|
// If the token failed to decode, it was probably one of the old style tokens that was just a Base64 string.
|
|
|
|
|
|
// We can generate a claim for them for backwards compatibility. Note that the password refresh claims don't
|
|
|
|
|
|
// check expiration or issuer, so they're not included here.
|
|
|
|
|
|
RefreshJwtClaims { |
|
|
|
|
|
nbf: 0, |
|
|
|
|
|
exp: 0, |
|
|
|
|
|
iss: String::new(), |
|
|
|
|
|
sub: AuthMethod::Password, |
|
|
|
|
|
device_token: refresh_token.into(), |
|
|
|
|
|
token: None, |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
Ok(claims) => claims, |
|
|
Ok(claims) => claims, |
|
|
}; |
|
|
}; |
|
|
|
