github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-27 06:34:05 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Ignore ID token expiry if unavailable

Browse Source
This commit is contained in:
Jasper Weyne 2020-07-07 02:51:33 +02:00
parent 10c890947f
commit 5df7db5105
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Auth/Access/OpenIdService.php
View File

@ -8,6 +8,7 @@ use Exception;
use Lcobucci\JWT\Token;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use OpenIDConnectClient\AccessToken;
use OpenIDConnectClient\Exception\InvalidTokenException;
use OpenIDConnectClient\OpenIDConnectProvider;
/**
@ -64,8 +65,9 @@ class OpenIdService extends ExternalAuthService
$json = session()->get('openid_token');
$accessToken = new AccessToken(json_decode($json, true));
// Check whether the access token or ID token is expired
if (!$accessToken->getIdToken()->isExpired() && !$accessToken->hasExpired()) {
// Check if both the access token and the ID token (if present) are unexpired
$idToken = $accessToken->getIdToken();
if (!$accessToken->hasExpired() && (!$idToken || !$idToken->isExpired())) {
return true;
}
@ -86,6 +88,9 @@ class OpenIdService extends ExternalAuthService
// Refreshing failed, logout
$this->actionLogout();
return false;
} catch (InvalidTokenException $e) {
// A refresh token doesn't necessarily contain
// an ID token, ignore this exception
}
// A valid token was obtained, we update the access token