Correction for realm and user service

fdonnet · Oct 29, 2024 · a5d1876 · a5d1876
1 parent 3758521
commit a5d1876
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 19 deletions.
diff --git a/src/Ubik.Accounting.WebApp/Security/UserService.cs b/src/Ubik.Accounting.WebApp/Security/UserService.cs
@@ -36,28 +36,31 @@ public async Task<string> GetTokenAsync()
             if (token == null)
                 return string.Empty;
 
-            var response = await new HttpClient().RequestRefreshTokenAsync(new RefreshTokenRequest
+            if (token.ExpiresUtc < DateTimeOffset.UtcNow.AddSeconds(10) && token.ExpiresRefreshUtc > DateTimeOffset.UtcNow.AddSeconds(10))
             {
-                Address = authOptions.Value.TokenUrl,
-                ClientId = authOptions.Value.ClientId,
-                ClientSecret = authOptions.Value.ClientSecret,
-                RefreshToken = token.RefreshToken,
-                GrantType = "refresh_token",
-            });
-
-            if (!response.IsError)
-            {
-                await cache.SetUserTokenAsync(new TokenCacheEntry
+                var response = await new HttpClient().RequestRefreshTokenAsync(new RefreshTokenRequest
                 {
-                    UserId = userEmail,
-                    RefreshToken = response.RefreshToken!,
-                    AccessToken = response.AccessToken!,
-                    ExpiresUtc = new JwtSecurityToken(response.AccessToken).ValidTo,
-                    ExpiresRefreshUtc = DateTimeOffset.UtcNow.AddMinutes(authOptions.Value.RefreshTokenExpTimeInMinutes)
+                    Address = authOptions.Value.TokenUrl,
+                    ClientId = authOptions.Value.ClientId,
+                    ClientSecret = authOptions.Value.ClientSecret,
+                    RefreshToken = token.RefreshToken,
+                    GrantType = "refresh_token",
                 });
+
+                if (!response.IsError)
+                {
+                    await cache.SetUserTokenAsync(new TokenCacheEntry
+                    {
+                        UserId = userEmail,
+                        RefreshToken = response.RefreshToken!,
+                        AccessToken = response.AccessToken!,
+                        ExpiresUtc = new JwtSecurityToken(response.AccessToken).ValidTo,
+                        ExpiresRefreshUtc = DateTimeOffset.UtcNow.AddMinutes(authOptions.Value.RefreshTokenExpTimeInMinutes)
+                    });
+                }
+                else
+                    throw new InvalidOperationException("Error refreshing token");
             }
-            else
-                throw new InvalidOperationException("Error refreshing token");
 
             return token.AccessToken;
         }

diff --git a/tests/Ubik.Api.Tests.Integration/import/ubik-realm.json b/tests/Ubik.Api.Tests.Integration/import/ubik-realm.json
@@ -815,6 +815,7 @@
         "https://localhost:7289/*",
         "http://localhost:5002/*",
         "http://ubik-proxy/*",
+        "https://ubik-webapp/*",
         "http://ubik-webapp/*",
         "https://localhost:7249/*"
       ],
@@ -823,6 +824,7 @@
         "https://localhost:7289",
         "http://localhost:5002",
         "http://ubik-proxy",
+        "https://ubik-webapp",
         "http://ubik-webapp",
         "https://localhost:7249"
       ],
@@ -841,7 +843,7 @@
         "oidc.ciba.grant.enabled": "false",
         "client.secret.creation.time": "1728482137",
         "backchannel.logout.session.required": "true",
-        "post.logout.redirect.uris": "https://localhost:7149/*##https://localhost:7249/*##http://localhost:5002/*##http://ubik-proxy/*##http://ubik-webapp/*",
+        "post.logout.redirect.uris": "https://localhost:7149/*##https://localhost:7249/*##http://localhost:5002/*##http://ubik-proxy/*##https://ubik-webapp/*##http://ubik-webapp/*",
         "oauth2.device.authorization.grant.enabled": "false",
         "display.on.consent.screen": "false",
         "backchannel.logout.revoke.offline.tokens": "false"