From: Jasper Weyne
Date: Tue, 4 Aug 2020 20:09:53 +0000 (+0200)
Subject: Simplify refresh method
X-Git-Tag: v21.10~1^2~21^2~11^2~2
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/f2d320825a34b425457954b832bccd3a6ed56cfd
Simplify refresh method
---
diff --git a/app/Auth/Access/OpenIdService.php b/app/Auth/Access/OpenIdService.php
index 2b536d492..4eea3c252 100644
--- a/app/Auth/Access/OpenIdService.php
+++ b/app/Auth/Access/OpenIdService.php
@@ -71,41 +71,56 @@ class OpenIdService extends ExternalAuthService
 $accessToken = new AccessToken(json_decode($json, true) ?? []);
- // Check if both the access token and the ID token (if present) are unexpired
- $idToken = $accessToken->getIdToken();
- $accessTokenUnexpired = $accessToken->getExpires() && !$accessToken->hasExpired();
- $idTokenUnexpired = !$idToken || !$idToken->isExpired();
- if ($accessTokenUnexpired && $idTokenUnexpired) {
+ // If the token is not expired, refreshing isn't necessary
+ if ($this->isUnexpired($accessToken)) {
 return true;
 }
- // If no refresh token available, logout
- if ($accessToken->getRefreshToken() === null) {
+ // Try to obtain refreshed access token
+ try {
+ $newAccessToken = $this->refreshAccessToken($accessToken);
+ } catch (\Exception $e) {
+ // Log out if an unknown problem arises
+ $this->actionLogout();
+ throw $e;
+ }
+
+ // If a token was obtained, update the access token, otherwise log out
+ if ($newAccessToken !== null) {
+ session()->put('openid_token', json_encode($newAccessToken));
+ return true;
+ } else {
 $this->actionLogout();
 return false;
 }
+ }
+
+ protected function isUnexpired(AccessToken $accessToken): bool
+ {
+ $idToken = $accessToken->getIdToken();
+
+ $accessTokenUnexpired = $accessToken->getExpires() && !$accessToken->hasExpired();
+ $idTokenUnexpired = !$idToken || !$idToken->isExpired();
+
+ return $accessTokenUnexpired && $idTokenUnexpired;
+ }
+
+ protected function refreshAccessToken(AccessToken $accessToken): ?AccessToken
+ {
+ // If no refresh token available, abort
+ if ($accessToken->getRefreshToken() === null) {
+ return null;
+ }
 // ID token or access token is expired, we refresh it using the refresh token
 try {
- $provider = $this->getProvider();
-
- $accessToken = $provider->getAccessToken('refresh_token', [
+ return $this->getProvider()->getAccessToken('refresh_token', [
 'refresh_token' => $accessToken->getRefreshToken(),
 ]);
 } catch (IdentityProviderException $e) {
- // Refreshing failed, logout
- $this->actionLogout();
- return false;
- } catch (\Exception $e) {
- // Unknown error, logout and throw
- $this->actionLogout();
- throw $e;
+ // Refreshing failed
+ return null;
 }
-
- // A valid token was obtained, we update the access token
- session()->put('openid_token', json_encode($accessToken));
-
- return true;
 }
 /**
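Review bot: The `catch (IdentityProviderException $e)` branch in the new `refreshAccessToken()` discards the exception and returns `null`, the same value it returns when no refresh token exists, so a refresh rejected by the identity provider ends in a logout that leaves nothing for whoever later investigates it. Record the failure before returning, without any token values, e.g. `logger()->warning('OpenID token refresh failed', ['error' => $e->getMessage()]);`. The caller's `catch (\Exception $e)` also will not see a `\TypeError` raised by the `?AccessToken` return type if the provider hands back a different token class, so `actionLogout()` is skipped on that path; `catch (\Throwable $e)` would cover it. Whether the refreshed response's ID token is validated before `session()->put('openid_token', ...)` stores it depends on the provider's `getAccessToken`, which is not visible in this hunk. The method that holds the first part of the hunk starts above it.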