fix: authorize endpoint setting user session

2022-08-29 08:18:20 +05:30 · 2022-08-29 08:18:20 +05:30 · 97f6c7d50a
commit 97f6c7d50a
parent 5f385b2016
6 changed files with 7 additions and 6 deletions
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@ -248,7 +248,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 				return
 			}

-			memorystore.Provider.SetUserSession(user.ID, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken)
+			memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken)
 			cookie.SetSession(gc, newSessionToken)
 			code := uuid.New().String()
 			memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken)
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@ -76,7 +76,6 @@ func TokenHandler() gin.HandlerFunc {
 		sessionKey := ""

 		if isAuthorizationCodeGrant {
-
 			if codeVerifier == "" {
 				log.Debug("Code verifier is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
@ -134,15 +133,18 @@ func TokenHandler() gin.HandlerFunc {
 				})
 				return
 			}
+
 			userID = claims.Subject
 			roles = claims.Roles
 			scope = claims.Scope
 			loginMethod = claims.LoginMethod
+
 			// rollover the session for security
 			sessionKey = userID
 			if loginMethod != "" {
 				sessionKey = loginMethod + ":" + userID
 			}
+
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
 		} else {
 			// validate refresh token
--- a/server/memorystore/providers/inmemory/store.go
+++ b/server/memorystore/providers/inmemory/store.go
@ -7,7 +7,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 )

-// SetUserSession sets the user session
+// SetUserSession sets the user session for given user identifier in form recipe:user_id
 func (c *provider) SetUserSession(userId, key, token string) error {
 	c.sessionStore.Set(userId, key, token)
 	return nil
--- a/server/memorystore/providers/providers.go
+++ b/server/memorystore/providers/providers.go
@ -2,7 +2,7 @@ package providers

 // Provider defines current memory store provider
 type Provider interface {
-	// SetUserSession sets the user session
+	// SetUserSession sets the user session for given user identifier in form recipe:user_id
 	SetUserSession(userId, key, token string) error
 	// GetAllUserSessions returns all the user sessions from the session store
 	GetAllUserSessions(userId string) (map[string]string, error)
--- a/server/memorystore/providers/redis/store.go
+++ b/server/memorystore/providers/redis/store.go
@ -14,7 +14,7 @@ var (
 	envStorePrefix = "authorizer_env"
 )

-// SetUserSession sets the user session in redis store.
+// SetUserSession sets the user session for given user identifier in form recipe:user_id
 func (c *provider) SetUserSession(userId, key, token string) error {
 	err := c.store.HSet(c.ctx, userId, key, token).Err()
 	if err != nil {
--- a/server/token/auth_token.go
+++ b/server/token/auth_token.go
@ -298,7 +298,6 @@ func ValidateBrowserSession(gc *gin.Context, encryptedSession string) (*SessionD
 	if res.LoginMethod != "" {
 		sessionStoreKey = res.LoginMethod + ":" + res.Subject
 	}
-
 	token, err := memorystore.Provider.GetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+res.Nonce)
 	if token == "" || err != nil {
 		log.Debug("invalid browser session:", err)