Update OAuth2 handler to recognize refreshed tokens (#813)
parent
36eb80559f
commit
d66d24c8d5
|
@ -4,6 +4,60 @@ use strict;
|
|||
|
||||
our $VERSION = '2.0.4';
|
||||
|
||||
sub retrieveSession {
|
||||
my ( $class, $req, $id ) = @_;
|
||||
my ($offlineId) = $id =~ /^O-(.*)/;
|
||||
|
||||
# Retrieve regular session if this is not an offline access token
|
||||
unless ($offlineId) {
|
||||
return $class->Lemonldap::NG::Handler::Main::retrieveSession( $req,
|
||||
$id );
|
||||
}
|
||||
|
||||
# 2. Get the session from cache or backend
|
||||
my $session = $req->data->{session} = (
|
||||
Lemonldap::NG::Common::Session->new( {
|
||||
storageModule => $class->tsv->{oidcStorageModule},
|
||||
storageModuleOptions => $class->tsv->{oidcStorageOptions},
|
||||
cacheModule => $class->tsv->{sessionCacheModule},
|
||||
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
|
||||
id => $offlineId,
|
||||
kind => "OIDCI",
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
unless ( $session->error ) {
|
||||
|
||||
$class->data( $session->data );
|
||||
$class->logger->debug("Get session $offlineId from Handler::Main::Run");
|
||||
|
||||
# Verify that session is valid
|
||||
$class->logger->error(
|
||||
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
|
||||
) unless $session->data->{_utime};
|
||||
|
||||
my $ttl = $class->tsv->{timeout} - time + $session->data->{_utime};
|
||||
$class->logger->debug( "Session TTL = " . $ttl );
|
||||
|
||||
if ( time - $session->data->{_utime} > $class->tsv->{timeout} ) {
|
||||
$class->logger->info("Session $id expired");
|
||||
|
||||
# Clean cached data
|
||||
$class->data( {} );
|
||||
return 0;
|
||||
}
|
||||
|
||||
return $session->data;
|
||||
}
|
||||
else {
|
||||
$class->logger->info("Session $offlineId can't be retrieved");
|
||||
$class->logger->info( $session->error );
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
sub fetchId {
|
||||
my ( $class, $req ) = @_;
|
||||
|
||||
|
@ -21,10 +75,16 @@ sub fetchId {
|
|||
|
||||
# Get access token session
|
||||
my $infos = $class->getOIDCInfos($access_token);
|
||||
# If this token is tied to a regular session ID
|
||||
if ( my $_session_id = $infos->{user_session_id} ) {
|
||||
$class->logger->debug( 'Get user session id ' . $_session_id );
|
||||
return $_session_id;
|
||||
}
|
||||
# If this token is tied to an Offline session
|
||||
if ( my $_session_id = $infos->{offline_session_id} ) {
|
||||
$class->logger->debug( 'Get offline session id ' . $_session_id );
|
||||
return "O-$_session_id";
|
||||
}
|
||||
|
||||
return $class->Lemonldap::NG::Handler::Main::fetchId($req);
|
||||
}
|
||||
|
@ -50,7 +110,8 @@ sub getOIDCInfos {
|
|||
unless ( $oidcSession->error ) {
|
||||
$class->logger->debug("Get OIDC session $id");
|
||||
|
||||
$infos->{user_session_id} = $oidcSession->data->{user_session_id};
|
||||
$infos->{user_session_id} = $oidcSession->data->{user_session_id};
|
||||
$infos->{offline_session_id} = $oidcSession->data->{offline_session_id};
|
||||
}
|
||||
else {
|
||||
$class->logger->info("OIDC Session $id can't be retrieved");
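Review bot: In `retrieveSession`, the choice between the regular session store and the OIDC store (`oidcStorageModule`, kind `OIDCI`) rests only on the `O-` prefix of `$id`, while `fetchId` still falls back to `Lemonldap::NG::Handler::Main::fetchId($req)` when the token carries neither id. That fallback is not visible here, so this needs confirming, but if it can return a client-supplied value, an id beginning with `O-` would be resolved against the OIDC store without having come from a validated access token. Recording the decision out of band would avoid trusting the prefix: in `fetchId`, set `$req->data->{offline_session} = 1;` before `return "O-$_session_id";`, and in `retrieveSession` use `unless ( $offlineId and $req->data->{offline_session} ) {`. The key name is only a suggestion, and it assumes both calls see the same `$req`. `fetchId` begins outside the second hunk, so how `$access_token` is obtained could not be checked.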
|
||||
|
|