From 676b5eaa72f6772868c017c39e7fd7c71b1e1cb6 Mon Sep 17 00:00:00 2001
From: Joey Berkovitz <joeyberkovitz@gmail.com>
Date: Wed, 13 May 2020 15:50:56 -0400
Subject: [PATCH] Fix issue with duplicate refresh tokens revert to 1 hour
 token

---
 .../restaurantReservation/grpc/Auth/AuthManager.java     | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/grpc/src/main/java/edu/cooper/ece366/restaurantReservation/grpc/Auth/AuthManager.java b/grpc/src/main/java/edu/cooper/ece366/restaurantReservation/grpc/Auth/AuthManager.java
index 351f83b..7cbf4ad 100644
--- a/grpc/src/main/java/edu/cooper/ece366/restaurantReservation/grpc/Auth/AuthManager.java
+++ b/grpc/src/main/java/edu/cooper/ece366/restaurantReservation/grpc/Auth/AuthManager.java
@@ -11,7 +11,6 @@
 import io.jsonwebtoken.io.Decoders;
 import org.jdbi.v3.core.Jdbi;
 
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyFactory;
@@ -87,7 +86,7 @@ public List<String> genTokens(int userID, String userAgent){
 		User user = db.withExtension(UserDao.class, d->d.getUser(userID));
 
 		Date issueDate = new Date();
-		Date expDate = Date.from(issueDate.toInstant().plus(Duration.ofSeconds(10)));
+		Date expDate = Date.from(issueDate.toInstant().plus(Duration.ofHours(1)));
 		Date refreshExp = Date.from(issueDate.toInstant().plus(Duration.ofDays(1)));
 		Date notBefore = Date.from(issueDate.toInstant().minus(Duration.ofMinutes(5)));
 		String authToken = Jwts.builder()
@@ -103,10 +102,14 @@ public List<String> genTokens(int userID, String userAgent){
 				.setIssuedAt(issueDate)
 				.setNotBefore(notBefore)
 				.setSubject(Integer.toString(userID))
+				.setId(String.valueOf(UUID.randomUUID()))
 				.signWith(privateKey, SignatureAlgorithm.RS256)
 				.compact();
 
-		db.useExtension(UserDao.class, dao ->
+		// Only insert token into DB if not already there
+		// Duplicates occur on occasion if refresh request is duplicated within a second
+		if(this.checkRefreshToken(refreshToken).isEmpty())
+			db.useExtension(UserDao.class, dao ->
 				dao.insertUserToken(userID, refreshToken, userAgent, refreshExp));
 
 		ArrayList<String> res = new ArrayList<String>();