Fixing bug - the refresh endpoint needs ReCodEx token properly injected.

Author: krulis-martin

app/helpers/Recodex/RecodexApiHelper.php

@@ -136,6 +136,7 @@ private function processJsonBody($response)
     {
         $code = $response->getStatusCode();
         if ($code === 401) { // unauthorized, token is probably invalid
+            Debugger::log("HTTP request to ReCodEx API failed (response $code).", Debugger::DEBUG);
             throw new InvalidAccessTokenException("Unauthorized request to ReCodEx API. Token is probably invalid.");
         }
 
@@ -237,6 +238,7 @@ public function getTokenAndUser(): array
     {
         Debugger::log('ReCodEx::getTokenAndUser()', Debugger::DEBUG);
         $body = $this->post('extensions/' . $this->extensionId);
+        Debugger::log($body, Debugger::DEBUG);
         if (!is_array($body) || empty($body['accessToken']) || empty($body['user'])) {
             throw new RecodexApiException("Unexpected ReCodEx API response from extension token endpoint.");
         }
@@ -254,6 +256,7 @@ public function refreshToken(): array
     {
         Debugger::log('ReCodEx::refreshToken()', Debugger::DEBUG);
         $body = $this->post('login/refresh');
+        Debugger::log($body, Debugger::DEBUG);
         if (!is_array($body) || empty($body['accessToken']) || empty($body['user'])) {
             throw new RecodexApiException("Unexpected ReCodEx API response from token refresh endpoint.");
         }

app/presenters/LoginPresenter.php

@@ -127,12 +127,25 @@ public function checkRefresh()
      */
     public function actionRefresh()
     {
+        // We need to inject the token manually here (this class is not derived from BasePresenterWithApi)
+        $user = $this->getCurrentUser();
+        $prefix = $user->getRecodexToken();
+        $suffix = $this->getAccessToken()->getPayloadOrDefault('suffix', null);
+
+        if (!$prefix || !$suffix) {
+            throw new ForbiddenRequestException("Cannot refresh token - user does not have a ReCodEx token.");
+        }
+
+        // Call ReCodEx API to refresh the token
+        $this->recodexApi->setAuthToken($prefix . $suffix);
         $recodexResponse = $this->recodexApi->refreshToken();
         /** @var RecodexUser */
         $recodexUser = $recodexResponse['user'];
 
-        // Update the user entity with new info from ReCodEx.
-        $user = $this->users->findOrThrow($recodexUser->getId());
+        // Update the user entity with new info from ReCodEx
+        if ($recodexUser->getId() !== $user->getId()) {
+            throw new AuthenticationException("Token refresh failed - user ID mismatch.");
+        }
         $recodexUser->updateUser($user);
 
         $this->finalizeLogin($user, $recodexResponse['accessToken']);