colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ignore ID token expiry if unavailable

This commit is contained in:
Jasper Weyne 2020-07-07 02:51:33 +02:00
parent 10c890947f
commit 5df7db5105
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Auth/Access/OpenIdService.php
View File

@ -8,6 +8,7 @@ use Exception;
use Lcobucci\JWT\Token; use Lcobucci\JWT\Token;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException; use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use OpenIDConnectClient\AccessToken; use OpenIDConnectClient\AccessToken;
use OpenIDConnectClient\Exception\InvalidTokenException;
use OpenIDConnectClient\OpenIDConnectProvider; use OpenIDConnectClient\OpenIDConnectProvider;
/** /**
@ -64,8 +65,9 @@ class OpenIdService extends ExternalAuthService
$json = session()->get('openid_token'); $json = session()->get('openid_token');
$accessToken = new AccessToken(json_decode($json, true)); $accessToken = new AccessToken(json_decode($json, true));
// Check whether the access token or ID token is expired // Check if both the access token and the ID token (if present) are unexpired
if (!$accessToken->getIdToken()->isExpired() && !$accessToken->hasExpired()) { $idToken = $accessToken->getIdToken();
if (!$accessToken->hasExpired() && (!$idToken || !$idToken->isExpired())) {
return true; return true;
} }
@ -86,6 +88,9 @@ class OpenIdService extends ExternalAuthService
// Refreshing failed, logout // Refreshing failed, logout
$this->actionLogout(); $this->actionLogout();
return false; return false;
} catch (InvalidTokenException $e) {
// A refresh token doesn't necessarily contain
// an ID token, ignore this exception
} }
// A valid token was obtained, we update the access token // A valid token was obtained, we update the access token