chore: synchronize workspaces

ory · Oct 14, 2024 · e8ebba8 · e8ebba8
1 parent 10d82e7
commit e8ebba8
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 33 deletions.
diff --git a/...tence/sql/migrations/20220214121000000000_add_refresh_token_in_grace_period_flag.down.sql b/...tence/sql/migrations/20220214121000000000_add_refresh_token_in_grace_period_flag.down.sql
diff --git a/...istence/sql/migrations/20220214121000000000_add_refresh_token_in_grace_period_flag.up.sql b/...istence/sql/migrations/20220214121000000000_add_refresh_token_in_grace_period_flag.up.sql
diff --git a/...tence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.down.sql b/...tence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_refresh DROP COLUMN first_used_at;
diff --git a/...istence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.up.sql b/...istence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_refresh ADD first_used_at TIMESTAMP DEFAULT NULL;
diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
@@ -254,7 +254,7 @@ func (p *Persister) createSession(ctx context.Context, signature string, request
 	return nil
 }
 
-func (p *Persister) updateRefreshSession(ctx context.Context, requestId string, session fosite.Session, inGracePeriod bool) error {
+func (p *Persister) updateRefreshSession(ctx context.Context, requestId string, session fosite.Session, firstUsedAt sqlxx.NullTime) error {
 	_, ok := session.(*oauth2.Session)
 	if !ok && session != nil {
 		return errors.Errorf("expected session to be of type *oauth2.Session but got: %T", session)
@@ -264,11 +264,11 @@ func (p *Persister) updateRefreshSession(ctx context.Context, requestId string,
 		return err
 	}
 
-	updateSql := fmt.Sprintf("UPDATE %s SET session_data = ?, in_grace_period = ? WHERE request_id = ?",
+	updateSql := fmt.Sprintf("UPDATE %s SET session_data = ?, first_used_at = ? WHERE request_id = ?",
 		OAuth2RequestSQL{Table: sqlTableRefresh}.TableName())
 
 	return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
-		err := p.Connection(ctx).RawQuery(updateSql, sessionBytes, inGracePeriod, requestId).Exec()
+		err := p.Connection(ctx).RawQuery(updateSql, sessionBytes, firstUsedAt, requestId).Exec()
 		if errors.Is(err, sql.ErrNoRows) {
 			return errorsx.WithStack(fosite.ErrNotFound)
 		} else if err != nil {
@@ -345,21 +345,21 @@ func (p *Persister) deactivateSessionByRequestID(ctx context.Context, id string,
 	return sqlcon.HandleError(
 		p.Connection(ctx).
 			RawQuery(
-				fmt.Sprintf("UPDATE %s SET active=false, in_grace_period=false WHERE request_id=? AND nid = ? AND active=true", OAuth2RequestSQL{Table: table}.TableName()),
+				fmt.Sprintf("UPDATE %s SET active=false, first_used_at=CURRENT_TIMESTAMP WHERE request_id=? AND nid = ? AND active=true", OAuth2RequestSQL{Table: table}.TableName()),
 				id,
 				p.NetworkID(ctx),
 			).
 			Exec(),
 	)
 }
 
-func (p *Persister) getRefreshTokenGracePeriodStatusBySignature(ctx context.Context, signature string) (_ bool, err error) {
+func (p *Persister) getRefreshTokenGracePeriodStatusBySignature(ctx context.Context, signature string) (_ sqlxx.NullTime, err error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.getRefreshTokenGracePeriodStatusBySignature")
 	defer otelx.End(span, &err)
 
-	var inGracePeriod bool
+	var inGracePeriod sqlxx.NullTime
 	return inGracePeriod, p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
-		query := fmt.Sprintf("SELECT in_grace_period FROM %s WHERE signature = ?", OAuth2RequestSQL{Table: sqlTableRefresh}.TableName())
+		query := fmt.Sprintf("SELECT first_used_at FROM %s WHERE signature = ?", OAuth2RequestSQL{Table: sqlTableRefresh}.TableName())
 		err := p.Connection(ctx).RawQuery(query, signature).First(&inGracePeriod)
 		if errors.Is(err, sql.ErrNoRows) {
 			return errorsx.WithStack(fosite.ErrNotFound)
@@ -552,30 +552,32 @@ func (p *Persister) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, id s
 		return p.deactivateSessionByRequestID(ctx, id, sqlTableRefresh)
 	}
 
-	var requester fosite.Requester
-	session := new(oauth2.Session)
-	if requester, err = p.GetRefreshTokenSession(ctx, signature, session); err != nil {
-		p.l.Errorf("signature: %s not found. grace period not applied", id)
-		return errors.WithStack(err)
-	}
-
-	var inGracePeriod bool
-	if inGracePeriod, err = p.getRefreshTokenGracePeriodStatusBySignature(ctx, signature); err != nil {
-		p.l.Errorf("signature: %s in_grace_period status not found. grace period not applied", id)
-		return errors.WithStack(err)
-	}
-
-	requesterSession := requester.GetSession()
-	if !inGracePeriod {
-		requesterSession.SetExpiresAt(fosite.RefreshToken, time.Now().UTC().Add(gracePeriod))
-		if err = p.updateRefreshSession(ctx, id, requesterSession, true); err != nil {
-			p.l.Errorf("failed to update session with signature: %s", id)
-			return errors.WithStack(err)
-		}
-	} else {
-		p.l.Tracef("request_id: %s is in the grace period", id)
-	}
-	return nil
+	return sqlcon.HandleError(p.Connection(ctx).
+		RawQuery(
+			fmt.Sprintf(`
+UPDATE %s SET
+	active=false
+	first_used_at=CURRENT_TIMESTAMP
+WHERE
+	request_id = ?
+	AND nid = ?
+	AND (
+		active=true
+		OR
+		(
+			active = false
+			AND first_used_at IS NOT NULL
+			AND CURRENT_TIMESTAMP > DATEADD(SECOND, ?, first_used_at),
+		)
+	)
+`,
+				OAuth2RequestSQL{Table: sqlTableRefresh}.TableName()),
+			id,
+			p.NetworkID(ctx),
+			gracePeriod,
+		).
+		Exec(),
+	)
 }
 
 func (p *Persister) RevokeAccessToken(ctx context.Context, id string) (err error) {