fix: delete old token when generating new token

8 months ago · f9c13353e2
2 changed files with 6 additions and 9 deletions
--- a/packages/nocodb/src/models/UserRefreshToken.ts
+++ b/packages/nocodb/src/models/UserRefreshToken.ts
@ -68,11 +68,11 @@ export default class UserRefreshToken {
      null,
      MetaTable.USER_REFRESH_TOKENS,
      {
-        token: oldToken,
+        token: newToken,
        expires_at: dayjs().add(90, 'day').toDate(),
      },
      {
-        token: newToken,
+        token: oldToken,
      },
    );
  }
--- a/packages/nocodb/src/services/users/users.service.ts
+++ b/packages/nocodb/src/services/users/users.service.ts
@ -370,9 +370,9 @@ export class UsersService {
        NcError.badRequest(`Missing refresh token`);
      }

-      const user = await User.getByRefreshToken(
-        param.req.cookies.refresh_token,
-      );
+      const oldRefreshToken = param.req.cookies.refresh_token;
+
+      const user = await User.getByRefreshToken(oldRefreshToken);

      if (!user) {
        NcError.badRequest(`Invalid refresh token`);
@ -380,10 +380,7 @@ export class UsersService {

      const refreshToken = randomTokenString();

-      await UserRefreshToken.insert({
-        token: refreshToken,
-        fk_user_id: user.id,
-      });
+      await UserRefreshToken.updateOldToken(oldRefreshToken, refreshToken);

      setTokenCookie(param.res, refreshToken);