

Merge pull request #416 from DuendeSoftware/brock/sid_refresh_token
Fix bug when storing session id in refresh token
brockallen authored and leastprivilege committed Sep 28, 2021
1 parent b28f8dd commit c263f11
Showing 4 changed files with 32 additions and 16 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,7 @@ public virtual async Task<string> CreateRefreshTokenAsync(RefreshTokenCreationRe
var refreshToken = new RefreshToken
{
Subject = request.Subject,
SessionId = request.AccessToken.SessionId,
ClientId = request.Client.ClientId,
Description = request.Description,
AuthorizedScopes = request.AuthorizedScopes,
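Review bot: The added initializer `SessionId = request.AccessToken.SessionId,` dereferences `request.AccessToken` with no guard, so a creation request that arrives without an access token now throws a NullReferenceException from inside the object initializer, and an access token that carries no session id silently stores null. The null case matters beyond style: the tests touched in this commit (`RemoveAllGrantsAsync_should_filter_on_session_id`) show that session-scoped revocation keys on this value, so a refresh token persisted with a null `SessionId` would not be found when its session is revoked. If the access token is a required part of the request, a null check at the top of the method makes that contract explicit; if it is optional, a short comment on this line saying what a missing session id means for revocation would save the next reader from guessing. CreateRefreshTokenAsync begins and ends outside the hunk, so I cannot see whether such a check already exists.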
2 changes: 1 addition & 1 deletion src/Storage/Models/RefreshToken.cs
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ public void SetAccessToken(Token token, string resourceIndicator = null)
/// <value>
/// The session identifier.
/// </value>
public string SessionId => Subject?.FindFirst(JwtClaimTypes.SessionId)?.Value;
public string SessionId { get; set; }

/// <summary>
/// Gets the description the user assigned to the device being authorized.
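Review bot: The `<value>` doc above `public string SessionId { get; set; }` still reads only "The session identifier", which no longer tells the reader that the value is now assigned rather than derived from the `sid` claim on `Subject`; a maintainer used to the old computed property would expect the two to agree. Suggested wording: `/// The session identifier. Set by the token service when the refresh token is created; it is no longer derived from the Subject's session id claim.` A refresh token serialized before this change has no stored `SessionId`, so after deserialization the property is null unless something repopulates it; since session-scoped revocation keys on this value, a `<remarks>` line stating how pre-existing records are handled would be worth adding. The rest of the class, including any serialization logic, lies outside the hunk.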
Original file line number Diff line number Diff line change
Expand Up @@ -338,23 +338,26 @@ public async Task RemoveAllGrantsAsync_should_filter_on_session_id()
var handle1 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client1",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle2 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client2",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle3 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client3",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session3") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session3",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
Expand All @@ -373,23 +376,26 @@ public async Task RemoveAllGrantsAsync_should_filter_on_session_id()
var handle1 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client1",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle2 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client2",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle3 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client3",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session3") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session3",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
Expand All @@ -408,31 +414,35 @@ public async Task RemoveAllGrantsAsync_should_filter_on_session_id()
var handle1 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client1",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle2 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client2",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle3 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client3",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle4 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client1",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session2") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session2",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
Expand All @@ -452,31 +462,35 @@ public async Task RemoveAllGrantsAsync_should_filter_on_session_id()
var handle1 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client1",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle2 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client2",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle3 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client3",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session1") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session1",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
});
var handle4 = await _refreshTokens.StoreRefreshTokenAsync(new RefreshToken()
{
ClientId = "client1",
Subject = new IdentityServerUser("123") { AdditionalClaims = new[] { new Claim("sid", "session2") } }.CreatePrincipal(),
Subject = new IdentityServerUser("123").CreatePrincipal(),
SessionId = "session2",
AuthorizedScopes = new[] { "baz" },
CreationTime = DateTime.UtcNow,
Lifetime = 10,
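Review bot: All four hunks in this file repeat the same `RefreshToken` initializer, differing only in `ClientId` and `SessionId`, and this commit had to touch it sixteen times (`Subject = new IdentityServerUser("123").CreatePrincipal(),` followed by `SessionId = "session1",` and so on). A small helper in the test class would make the next change to this shape a one-line edit; since each hunk redeclares `handle1`, these appear to be separate test methods, so a private method rather than a local function fits. Now that the `sid` claim has been dropped from every `Subject`, none of these cases has a principal whose session claim disagrees with the `SessionId` property; if the store is meant to key only on the property, one such case would pin that down. The enclosing test methods start and end outside the hunks.

```csharp
// Builds the refresh token each case stores; only the client and session differ.
private static RefreshToken MakeToken(string clientId, string sessionId) => new RefreshToken
{
    ClientId = clientId,
    Subject = new IdentityServerUser("123").CreatePrincipal(),
    SessionId = sessionId,
    AuthorizedScopes = new[] { "baz" },
    CreationTime = DateTime.UtcNow,
    Lifetime = 10,
};

var handle1 = await _refreshTokens.StoreRefreshTokenAsync(MakeToken("client1", "session1"));
// … unchanged: remaining handles and assertions …
```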
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ public async Task refresh_token_in_pre_version_5_format_should_deserialize()
{
CreationTime = DateTime.UtcNow,
Lifetime = 10,
SessionId = "sessionid",
AccessToken = new Token
{
ClientId = "client",
Expand All @@ -119,7 +120,7 @@ public async Task refresh_token_in_pre_version_5_format_should_deserialize()
new Claim("sid", "sessionid"),
new Claim("scope", "s1"),
new Claim("scope", "s2"),
}
},
},
Version = 4
};
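Review bot: The new `SessionId = "sessionid",` in the first hunk sets the property directly on the in-memory object, so this test no longer demonstrates what a stored version-4 record, which predates the property, yields for `SessionId` once deserialized. The nested access token still carries `new Claim("sid", "sessionid")` and the `Version = 4` marker suggests an upgrade path is intended; asserting that the deserialized token's `SessionId` equals `"sessionid"` when the property is absent from the stored input would pin that down, because a null here means session-scoped revocation misses the token. If the fixture is serialized from this object rather than from a pre-version-5 blob, that gap is real and worth a comment on the `SessionId` line. The test method begins before the first hunk and its assertions lie outside both hunks.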
