[opw-web] Auth: handle expired tokens
- From: Owen Taylor <otaylor src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [opw-web] Auth: handle expired tokens
- Date: Tue, 9 Feb 2016 01:46:51 +0000 (UTC)
commit fb58028b591114fb1d2526ad801e928368118b0b
Author: Owen W. Taylor <otaylor fishsoup net>
Date: Mon Feb 8 18:15:25 2016 -0500
Auth: handle expired tokens
Because of interactions between HybridAuth sessions and application sessions,
we can have a state where we have a HybridAuth session, but the credential is
expired, and we don't have a refresh token. In this case, we need to reauthenticate,
rather than proceeding. Add an isExpired() method to the provider adapter and
model, so that the authenticate() method of the Auth object can identify this
situation and start over.
auth/Hybrid/Auth.php | 30 +++++++++++++++++-------------
auth/Hybrid/Provider_Adapter.php | 10 ++++++++++
auth/Hybrid/Provider_Model.php | 10 ++++++++++
auth/Hybrid/Provider_Model_OAuth2.php | 7 ++++++-
4 files changed, 43 insertions(+), 14 deletions(-)
---
diff --git a/auth/Hybrid/Auth.php b/auth/Hybrid/Auth.php
index 23c778f..d0be078 100644
--- a/auth/Hybrid/Auth.php
+++ b/auth/Hybrid/Auth.php
@@ -208,22 +208,26 @@ class Hybrid_Auth
{
Hybrid_Logger::info( "Enter Hybrid_Auth::authenticate( $providerId )" );
- // if user not connected to $providerId then try setup a new adapter and start the login
process for this provider
- if( ! Hybrid_Auth::storage()->get( "hauth_session.$providerId.is_logged_in" ) ){
- Hybrid_Logger::info( "Hybrid_Auth::authenticate( $providerId ), User not connected to
the provider. Try to authenticate.." );
+ if( Hybrid_Auth::storage()->get( "hauth_session.$providerId.is_logged_in" ) ){
+ // If we're already connect to $providerIder, return the adapter instance for the given provider,
+ // unless it is expired
+ $provider_adapter = Hybrid_Auth::getAdapter( $providerId );
+ if( ! $provider_adapter->isExpired()) {
+ Hybrid_Logger::info( "Hybrid_Auth::authenticate( $providerId ), User is already connected to
this provider. Return the adapter" );
+ return $provider_adapter;
+ } else {
+ Hybrid_Logger::info( "Hybrid_Auth::authenticate( $providerId ), User is connected to this
provider with expired credentials. Starting over" );
+ $provider_adapter->setUserUnconnected();
+ }
+ }
- $provider_adapter = Hybrid_Auth::setup( $providerId, $params );
+ // if user not connected to $providerId then try setup a new adapter and start the login
process for this provider
+ Hybrid_Logger::info( "Hybrid_Auth::authenticate( $providerId ), User not connected to the provider.
Try to authenticate.." );
- $provider_adapter->login();
- }
+ $provider_adapter = Hybrid_Auth::setup( $providerId, $params );
- // else, then return the adapter instance for the given provider
- else{
- Hybrid_Logger::info( "Hybrid_Auth::authenticate( $providerId ), User is already
connected to this provider. Return the adapter instance." );
-
- return Hybrid_Auth::getAdapter( $providerId );
- }
- }
+ $provider_adapter->login();
+ }
// --------------------------------------------------------------------
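Review bot: In the expired-credentials branch the only cleanup before falling through to `setup()` and `login()` is `$provider_adapter->setUserUnconnected();`, and its body is not in this hunk. If it only resets the `is_logged_in` flag, the expired access token stays in session storage until a new login overwrites it. Confirm that it clears the stored tokens, or clear them explicitly here. The final info log, "User not connected to the provider", is now also emitted on the expired path, which makes auth logs harder to read during an investigation; moving it into an `else` or rewording it would keep the two cases distinguishable. The new comment also has a typo and should read `// If we're already connected to $providerId, return the adapter instance for the given provider,`. authenticate() begins above the hunk, so its signature and the handling of `$params` are not visible here.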
diff --git a/auth/Hybrid/Provider_Adapter.php b/auth/Hybrid/Provider_Adapter.php
index 4333b93..0abc97c 100644
--- a/auth/Hybrid/Provider_Adapter.php
+++ b/auth/Hybrid/Provider_Adapter.php
@@ -165,6 +165,16 @@ class Hybrid_Provider_Adapter
// --------------------------------------------------------------------
+ /**
+ * return true if we're connected but the access credentials are expired
+ */
+ public function isExpired()
+ {
+ return $this->adapter->isExpired();
+ }
+
+ // --------------------------------------------------------------------
+
/**
* handle :
* getUserProfile()
diff --git a/auth/Hybrid/Provider_Model.php b/auth/Hybrid/Provider_Model.php
index ef45dd4..15e77dd 100644
--- a/auth/Hybrid/Provider_Model.php
+++ b/auth/Hybrid/Provider_Model.php
@@ -172,6 +172,16 @@ abstract class Hybrid_Provider_Model
// --------------------------------------------------------------------
+ /**
+ * return true if we're connected but the access credentials are expired
+ */
+ public function isExpired()
+ {
+ return false;
+ }
+
+ // --------------------------------------------------------------------
+
/**
* set user to connected
*/
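Review bot: The base `isExpired()` always returns `false`, so any provider model that does not override it is treated as never expired, and in this commit only the OAuth2 model overrides it. The docblock states the general contract but not that default, so a reader could assume expiry is checked for every provider. I would add a line such as `* Base implementation always returns false; provider models whose credentials can expire must override this.` and an `@return bool` tag. The rest of Hybrid_Provider_Model lies outside the hunk, so whether other subclasses track an expiry time cannot be checked from here.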
diff --git a/auth/Hybrid/Provider_Model_OAuth2.php b/auth/Hybrid/Provider_Model_OAuth2.php
index aaae805..7480e9d 100644
--- a/auth/Hybrid/Provider_Model_OAuth2.php
+++ b/auth/Hybrid/Provider_Model_OAuth2.php
@@ -131,7 +131,12 @@ class Hybrid_Provider_Model_OAuth2 extends Hybrid_Provider_Model
// set user connected locally
$this->setUserConnected();
}
-
+
+ function isExpired()
+ {
+ return $this->api->access_token_expires_at && ! $this->api->refresh_token &&
$this->api->access_token_expires_at <= time() ;
+ }
+
function refreshToken()
{
// have an access token?
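Review bot: The new `isExpired()` has no docblock, and its name promises more than it checks. It returns true only when `access_token_expires_at` is set, has passed, and there is no `refresh_token`. A token with no recorded expiry is therefore reported as valid, and so is an expired token that still has a refresh token, on the assumption that `refreshToken()` will succeed later. That contract should be written down, for example `/** True only if the access token has a known expiry that has passed and no refresh token is available to renew it. */`. The method should also be declared `public function isExpired()` to match the parent declaration in Provider_Model.php. The comparison `<= time()` leaves no margin, so a token that expires a moment after the check is still handed to the caller; a small skew allowance would avoid that. `refreshToken()` continues below the hunk, so how a failed refresh is handled is not visible here.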