make sure refresh token login doesn't generate another refresh token

Pliable Pixels 2019-05-08 15:26:51 -04:00
parent c41a2d067c
commit 1770ebea23
1 changed files with 67 additions and 33 deletions


@ -31,9 +31,16 @@ class HostController extends AppController {
}
function login() {
$cred = $this->_getCredentials();
$cred_depr = $this->_getCredentialsDeprecated();
$ver = $this->_getVersion();
$mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user');
$mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');
$mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token');
if ($mUser && $mPassword) {
$cred = $this->_getCredentials(true);
// if you authenticated via user/pass then generate new refresh
$this->set(array(
'access_token'=>$cred[0],
'access_token_expires'=>$cred[1],
@ -53,6 +60,28 @@ class HostController extends AppController {
'append_password',
'apiversion'
)));
}
else {
$cred = $this->_getCredentials(false);
$this->set(array(
'access_token'=>$cred[0],
'access_token_expires'=>$cred[1],
'credentials'=>$cred_depr[0],
'append_password'=>$cred_depr[1],
'version' => $ver[0],
'apiversion' => $ver[1],
'_serialize' => array(
'access_token',
'access_token_expires',
'version',
'credentials',
'append_password',
'apiversion'
)));
}
} // end function login()
// clears out session
@ -82,7 +111,7 @@ class HostController extends AppController {
}
}
private function _getCredentials() {
private function _getCredentials($generate_refresh_token=false) {
$credentials = '';
$this->loadModel('Config');
@ -123,6 +152,10 @@ class HostController extends AppController {
$jwt_access_token = \Firebase\JWT\JWT::encode($access_token, $key, 'HS256');
$jwt_refresh_token = "";
$refresh_ttl = 0;
if ($generate_refresh_token) {
$refresh_issued_at = time();
$refresh_ttl = 24 * 3600; // 1 day
@ -135,6 +168,7 @@ class HostController extends AppController {
"type" => "refresh"
);
$jwt_refresh_token = \Firebase\JWT\JWT::encode($refresh_token, $key, 'HS256');
}
}
return array($jwt_access_token, $access_ttl, $jwt_refresh_token, $refresh_ttl);
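Review bot: In `login()`, the choice to mint a refresh token is made from whether `user` and `pass` are present in the request, not from how the request was actually authenticated, and `$mToken` is read but never consulted in the lines shown. If the authentication filter (outside this diff) can accept a token while `user`/`pass` are also supplied, a refresh-token login could still be handed a new refresh token, which is what this commit sets out to prevent; tightening the guard to `if ($mUser && $mPassword && !$mToken) {`, or passing the authenticated method in from the filter, would close that. The truthiness test also treats a password of `"0"` as absent, so such a login silently falls into the no-refresh branch. Separately, `pass` and `token` are accepted from the query string, so they can end up in web-server access logs; reading them only from `$this->request->data()` is worth considering. Part of `login()` lies between the first two hunks and is not visible here.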