diff options
author | Jonas Franz <info@jonasfranz.software> | 2019-04-12 09:50:21 +0200 |
---|---|---|
committer | Lunny Xiao <xiaolunwen@gmail.com> | 2019-04-12 15:50:21 +0800 |
commit | 783cd649276c472aa3af97dd311eb4766ff3adfb (patch) | |
tree | b5751426ada7ac3c41d2a65d2b023148b751ec08 /routers | |
parent | 3ff0a126e12109b6c3aceaa229dd1bf229b6ad4b (diff) | |
download | gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.tar.gz gitea-783cd649276c472aa3af97dd311eb4766ff3adfb.zip |
Add option to disable refresh token invalidation (#6584)
* Add option to disable refresh token invalidation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add integration tests and remove wrong todos
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix typo
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix tests and add documentation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/user/oauth.go | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/routers/user/oauth.go b/routers/user/oauth.go index 110fa93b3d..326bd0bc55 100644 --- a/routers/user/oauth.go +++ b/routers/user/oauth.go @@ -102,18 +102,19 @@ const ( // AccessTokenResponse represents a successful access token response type AccessTokenResponse struct { - AccessToken string `json:"access_token"` - TokenType TokenType `json:"token_type"` - ExpiresIn int64 `json:"expires_in"` - // TODO implement RefreshToken - RefreshToken string `json:"refresh_token"` + AccessToken string `json:"access_token"` + TokenType TokenType `json:"token_type"` + ExpiresIn int64 `json:"expires_in"` + RefreshToken string `json:"refresh_token"` } func newAccessTokenResponse(grant *models.OAuth2Grant) (*AccessTokenResponse, *AccessTokenError) { - if err := grant.IncreaseCounter(); err != nil { - return nil, &AccessTokenError{ - ErrorCode: AccessTokenErrorCodeInvalidGrant, - ErrorDescription: "cannot increase the grant counter", + if setting.OAuth2.InvalidateRefreshTokens { + if err := grant.IncreaseCounter(); err != nil { + return nil, &AccessTokenError{ + ErrorCode: AccessTokenErrorCodeInvalidGrant, + ErrorDescription: "cannot increase the grant counter", + } } } // generate access token to access the API @@ -366,7 +367,7 @@ func handleRefreshToken(ctx *context.Context, form auth.AccessTokenForm) { } // check if token got already used - if grant.Counter != token.Counter || token.Counter == 0 { + if setting.OAuth2.InvalidateRefreshTokens && (grant.Counter != token.Counter || token.Counter == 0) { handleAccessTokenError(ctx, AccessTokenError{ ErrorCode: AccessTokenErrorCodeUnauthorizedClient, ErrorDescription: "token was already used", |