Fixing bug - the refresh endpoint needs ReCodEx token properly injected.

Author: krulis-martin

app/presenters/LoginPresenter.php

@@ -127,12 +127,25 @@ public function checkRefresh()
      */
     public function actionRefresh()
     {
+        // We need to inject the token manually here (this class is not derived from BasePresenterWithApi)
+        $user = $this->getCurrentUser();
+        $prefix = $user->getRecodexToken();
+        $suffix = $this->getAccessToken()->getPayloadOrDefault('suffix', null);
+
+        if (!$prefix || !$suffix) {
+            throw new ForbiddenRequestException("Cannot refresh token - user does not have a ReCodEx token.");
+        }
+
+        // Call ReCodEx API to refresh the token
+        $this->recodexApi->setAuthToken($prefix . $suffix);
         $recodexResponse = $this->recodexApi->refreshToken();
         /** @var RecodexUser */
         $recodexUser = $recodexResponse['user'];
 
-        // Update the user entity with new info from ReCodEx.
-        $user = $this->users->findOrThrow($recodexUser->getId());
+        // Update the user entity with new info from ReCodEx
+        if ($recodexUser->getId() !== $user->getId()) {
+            throw new AuthenticationException("Token refresh failed - user ID mismatch.");
+        }
         $recodexUser->updateUser($user);
 
         $this->finalizeLogin($user, $recodexResponse['accessToken']);