Fix issue with duplicate refresh tokens

revert to 1 hour token
joeyberkovitz · May 13, 2020 · 676b5ea · 676b5ea
1 parent 5ac43a2
commit 676b5ea
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/grpc/src/main/java/edu/cooper/ece366/restaurantReservation/grpc/Auth/AuthManager.java b/grpc/src/main/java/edu/cooper/ece366/restaurantReservation/grpc/Auth/AuthManager.java
@@ -11,7 +11,6 @@
 import io.jsonwebtoken.io.Decoders;
 import org.jdbi.v3.core.Jdbi;
 
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyFactory;
@@ -87,7 +86,7 @@ public List<String> genTokens(int userID, String userAgent){
 		User user = db.withExtension(UserDao.class, d->d.getUser(userID));
 
 		Date issueDate = new Date();
-		Date expDate = Date.from(issueDate.toInstant().plus(Duration.ofSeconds(10)));
+		Date expDate = Date.from(issueDate.toInstant().plus(Duration.ofHours(1)));
 		Date refreshExp = Date.from(issueDate.toInstant().plus(Duration.ofDays(1)));
 		Date notBefore = Date.from(issueDate.toInstant().minus(Duration.ofMinutes(5)));
 		String authToken = Jwts.builder()
@@ -103,10 +102,14 @@ public List<String> genTokens(int userID, String userAgent){
 				.setIssuedAt(issueDate)
 				.setNotBefore(notBefore)
 				.setSubject(Integer.toString(userID))
+				.setId(String.valueOf(UUID.randomUUID()))
 				.signWith(privateKey, SignatureAlgorithm.RS256)
 				.compact();
 
-		db.useExtension(UserDao.class, dao ->
+		// Only insert token into DB if not already there
+		// Duplicates occur on occasion if refresh request is duplicated within a second
+		if(this.checkRefreshToken(refreshToken).isEmpty())
+			db.useExtension(UserDao.class, dao ->
 				dao.insertUserToken(userID, refreshToken, userAgent, refreshExp));
 
 		ArrayList<String> res = new ArrayList<String>();