From 8bb4dcfe833df0df3452b1bb64932ebc2a843645 Mon Sep 17 00:00:00 2001
From: David Barroso
Date: Tue, 30 Apr 2024 16:38:17 +0200
Subject: [PATCH] fix: dont crash if users have no roles when refreshing token (#511)

* fix: dont crash if users have no roles when refreshing token

* asd
---
 go/controller/post_token_test.go | 6 +++---
 go/controller/workflows.go | 14 ++++++++++----
 go/sql/query.sql | 2 +-
 go/sql/query.sql.go | 4 ++--
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/go/controller/post_token_test.go b/go/controller/post_token_test.go
index f2e849464..c6e5252dd 100644
--- a/go/controller/post_token_test.go
+++ b/go/controller/post_token_test.go
@@ -83,8 +83,8 @@ func TestPostToken(t *testing.T) { //nolint:maintidx
 ),
 }),
 ).Return([]sql.RefreshTokenAndGetUserRolesRow{
- {Role: "user", RefreshTokenID: tokenID},
- {Role: "me", RefreshTokenID: tokenID},
+ {Role: sql.Text("user"), RefreshTokenID: tokenID},
+ {Role: sql.Text("me"), RefreshTokenID: tokenID},
 }, nil)
 return mock
@@ -167,7 +167,7 @@ func TestPostToken(t *testing.T) { //nolint:maintidx
 ),
 }),
 ).Return([]sql.RefreshTokenAndGetUserRolesRow{
- {Role: "anonymous", RefreshTokenID: tokenID},
+ {Role: sql.Text("anonymous"), RefreshTokenID: tokenID},
 }, nil)
 return mock
diff --git a/go/controller/workflows.go b/go/controller/workflows.go
index 9c60cbd84..f25771c2d 100644
--- a/go/controller/workflows.go
+++ b/go/controller/workflows.go
@@ -297,7 +297,7 @@ func (wf *Workflows) GetUserByRefreshTokenHash(
 return user, nil
 }
-func (wf *Workflows) UpdateSession(
+func (wf *Workflows) UpdateSession( //nolint:funlen
 ctx context.Context,
 user sql.AuthUser,
 refreshToken string,
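Review bot: The two updated cases only retype the existing mock rows with sql.Text; neither exercises the path this commit introduces, a row whose Role is a NULL pgtype.Text (Valid false) for a user with no entries in auth.user_roles. Add a case whose mock returns `[]sql.RefreshTokenAndGetUserRolesRow{{RefreshTokenID: tokenID}}` (Role left at its zero value) and asserts that the resulting session's allowed roles contain exactly the user's default role, so the no-role behaviour is pinned by the suite rather than only by the production code. TestPostToken starts before this hunk and continues past it.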
@@ -314,9 +314,15 @@ func (wf *Workflows) UpdateSession(
 return &api.Session{}, ErrInvalidRefreshToken //nolint:exhaustruct
 }
- allowedRoles := make([]string, len(userRoles))
- for i, role := range userRoles {
- allowedRoles[i] = role.Role
+ allowedRoles := make([]string, 0, len(userRoles))
+ for _, role := range userRoles {
+ if role.Role.Valid {
+ allowedRoles = append(allowedRoles, role.Role.String)
+ }
+ }
+
+ if !slices.Contains(allowedRoles, user.DefaultRole) {
+ allowedRoles = append(allowedRoles, user.DefaultRole)
 }
 accessToken, expiresIn, err := wf.jwtGetter.GetToken(
diff --git a/go/sql/query.sql b/go/sql/query.sql
index 2b4db0748..53de9c750 100644
--- a/go/sql/query.sql
+++ b/go/sql/query.sql
@@ -159,7 +159,7 @@ updated_user AS (
 WHERE auth.users.id = refreshed_token.user_id
 )
 SELECT refreshed_token.refresh_token_id, role FROM auth.user_roles
-JOIN refreshed_token ON auth.user_roles.user_id = refreshed_token.user_id;
+RIGHT JOIN refreshed_token ON auth.user_roles.user_id = refreshed_token.user_id;
 -- name: UpdateUserLastSeen :one
 UPDATE auth.users
diff --git a/go/sql/query.sql.go b/go/sql/query.sql.go
index fb0be568e..936514fa5 100644
--- a/go/sql/query.sql.go
+++ b/go/sql/query.sql.go
@@ -541,7 +541,7 @@ updated_user AS (
 WHERE auth.users.id = refreshed_token.user_id
 )
 SELECT refreshed_token.refresh_token_id, role FROM auth.user_roles
-JOIN refreshed_token ON auth.user_roles.user_id = refreshed_token.user_id
+RIGHT JOIN refreshed_token ON auth.user_roles.user_id = refreshed_token.user_id
 `
 type RefreshTokenAndGetUserRolesParams struct {
@@ -551,7 +551,7 @@ type RefreshTokenAndGetUserRolesParams struct {
 type RefreshTokenAndGetUserRolesRow struct {
 RefreshTokenID uuid.UUID
- Role string
+ Role pgtype.Text
 }
 func (q *Queries) RefreshTokenAndGetUserRoles(ctx context.Context, arg RefreshTokenAndGetUserRolesParams) ([]RefreshTokenAndGetUserRolesRow, error) {
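Review bot: The `if !slices.Contains(allowedRoles, user.DefaultRole)` block appends user.DefaultRole to the minted session's allowed roles unconditionally, so auth.user_roles no longer bounds what a refresh can grant: a user whose role rows were deliberately removed (the usual way to revoke access without deleting the account) still receives a token carrying the default role, where before the empty role set ended the flow. If that widening is intended it needs to be stated at the append, e.g. `// DefaultRole is always granted, even when auth.user_roles has no rows for this user.`; if it is not, return `&api.Session{}, ErrInvalidRefreshToken` when allowedRoles is empty after the loop instead of padding it. A NULL role from the new RIGHT JOIN is skipped via `role.Role.Valid`, which is correct, but a non-NULL empty string would still be appended as a role name; whether the schema forbids that is not visible here. UpdateSession starts before this hunk and its body continues past it.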
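Review bot: Switching to RIGHT JOIN silently changes the contract of RefreshTokenAndGetUserRoles — `role` becomes nullable and a user with no rows in auth.user_roles now yields exactly one NULL-role row carrying the refreshed token id — but nothing in the query records why, so a later cleanup could flip it back to an inner join and reintroduce the empty result the Go side no longer expects. Add a comment above the SELECT in query.sql: `-- RIGHT JOIN: a user with no rows in auth.user_roles must still return the refreshed token id (role is NULL in that case); the caller skips NULL roles.` The generated query.sql.go will pick it up on regeneration. The enclosing refreshed_token/updated_user CTEs start before this hunk.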