dahjah/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-20 09:21:30 -06:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

pass original refresh_claim into renewal function

Browse Source
This commit is contained in:
Momi-V 2025-11-03 14:18:08 +01:00 committed by HPPinata
parent cc90430057
commit 19cce482bc
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/auth.rs
View File

@ -1175,7 +1175,7 @@ impl AuthTokens {
}
// Create refresh_token and access_token with default validity
pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option<String>) -> Self {
pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option<String>, existing_refresh_claims: Option<&RefreshJwtClaims>) -> Self {
let time_now = Utc::now();
let access_claims = LoginJwtClaims::default(device, user, &sub, client_id);
@ -1196,10 +1196,8 @@ impl AuthTokens {
};
let refresh_claims = if CONFIG.disable_refresh_token_renewal() {
match decode_refresh(&device.refresh_token) {
Ok(original_claims) => original_claims, // reuse the original struct
Err(_) => default_refresh_claims,
}
// Use existing_refresh_claims if passed and config is enabled
existing_refresh_claims.cloned().unwrap_or(default_refresh_claims)
} else {
default_refresh_claims
};
@ -1253,14 +1251,14 @@ pub async fn refresh_tokens(
let auth_tokens = match refresh_claims.sub {
AuthMethod::Sso if CONFIG.sso_enabled() && CONFIG.sso_auth_only_not_session() => {
AuthTokens::new(&device, &user, refresh_claims.sub, client_id)
AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims)
}
AuthMethod::Sso if CONFIG.sso_enabled() => {
sso::exchange_refresh_token(&device, &user, client_id, refresh_claims).await?
}
AuthMethod::Sso => err!("SSO is now disabled, Login again using email and master password"),
AuthMethod::Password if CONFIG.sso_enabled() && CONFIG.sso_only() => err!("SSO is now required, Login again"),
AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id),
AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims),
_ => err!("Invalid auth method, cannot refresh token"),
};