(w http.ResponseWriter, r *http.Request)
| 172 | } |
| 173 | |
| 174 | func (impl UserAuthServiceImpl) HandleRefresh(w http.ResponseWriter, r *http.Request) { |
| 175 | session, _ := cStore.Get(r, "JWT_TOKEN") |
| 176 | // Check if user is authenticated |
| 177 | if auth, ok := session.Values["authenticated"].(bool); !ok || !auth { |
| 178 | http.Redirect(w, r, dexOauthConfig.AuthCodeURL(oauthStateString), http.StatusFound) |
| 179 | } else { |
| 180 | jwtToken := session.Values["jwtToken"].(string) |
| 181 | claims := &Claims |
| 182 | |
| 183 | // Parse the JWT string and store the result in `claims`. |
| 184 | // Note that we are passing the key in this method as well. This method will return an error |
| 185 | // if the token is invalid (if it has expired according to the expiry time we set on sign in), |
| 186 | // or if the signature does not match |
| 187 | tkn, err := jwt.ParseWithClaims(jwtToken, claims, func(token *jwt.Token) (interface{}, error) { |
| 188 | return jwtKey, nil |
| 189 | }) |
| 190 | if !tkn.Valid { |
| 191 | session.Options = &sessions.Options{ |
| 192 | MaxAge: -1, |
| 193 | } |
| 194 | writeResponse(http.StatusUnauthorized, "TOKEN EXPIRED", w, errors.New("token expired")) |
| 195 | return |
| 196 | } |
| 197 | if err != nil { |
| 198 | if err == jwt.ErrSignatureInvalid { |
| 199 | writeResponse(http.StatusUnauthorized, "SignatureInvalid", w, errors.New("SignatureInvalid")) |
| 200 | return |
| 201 | } |
| 202 | writeResponse(http.StatusBadRequest, "StatusBadRequest", w, errors.New("StatusBadRequest")) |
| 203 | return |
| 204 | } |
| 205 | claims.Email = util2.ConvertEmailToLowerCase(claims.Email) |
| 206 | bearerToken := claims.Token |
| 207 | user, err := authorize(context.Background(), bearerToken) |
| 208 | if err != nil { |
| 209 | fmt.Print("Exception :", err) |
| 210 | } |
| 211 | fmt.Print(user) |
| 212 | |
| 213 | // We ensure that a new token is not issued until enough time has elapsed |
| 214 | // In this case, a new token will only be issued if the old token is within |
| 215 | // 30 seconds of expiry. Otherwise, return a bad request status |
| 216 | /*if time.Unix(claims.ExpiresAt, 0).Sub(time.Now()) > 30*time.Second { |
| 217 | w.WriteHeader(http.StatusBadRequest) |
| 218 | return |
| 219 | }*/ |
| 220 | |
| 221 | dbUser, err := impl.userRepository.FetchUserDetailByEmail(Claims.Email) |
| 222 | if err != nil { |
| 223 | impl.logger.Errorw("Exception while fetching user from db", "err", err) |
| 224 | } |
| 225 | if dbUser.Id > 0 { |
| 226 | // Do nothing, User already exist in our db. (unique check by email id) |
| 227 | } else { |
| 228 | // TODO - need to handle case |
| 229 | } |
| 230 | |
| 231 | // Now, create a new token for the current use, with a renewed expiration time |