From 99cd7a0a2ed4657532fa08c545eaeac317c9f63e Mon Sep 17 00:00:00 2001
From: Hossein Azizabadi Farahani
Date: Thu, 12 Dec 2024 12:51:57 +0330
Subject: [PATCH] Improve refresh token process

---
 src/Middleware/AuthenticationMiddleware.php | 25 ++++++++++---------
 src/Service/AccountService.php | 27 ++++++++++-----------
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/src/Middleware/AuthenticationMiddleware.php b/src/Middleware/AuthenticationMiddleware.php
index c507018..c51ed58 100644
--- a/src/Middleware/AuthenticationMiddleware.php
+++ b/src/Middleware/AuthenticationMiddleware.php
@@ -65,8 +65,22 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
     {
         // Get token
         $securityStream = $request->getAttribute('security_stream');
+        $refreshToken = $request->getHeaderLine('refresh-token');
         $token = $request->getHeaderLine('token');
 
+        // Set refresh-token to token if its be on true module and handler
+        $type = 'access';
+        if (
+            !empty($refreshToken)
+            && isset($routeParams['module'])
+            && in_array($routeParams['module'], ['user', 'company'])
+            && isset($routeParams['handler'])
+            && $routeParams['handler'] == 'refresh'
+        ) {
+            $type = 'refresh';
+            $token = $refreshToken;
+        }
+
         // get route match
         $routeMatch = $request->getAttribute('Laminas\Router\RouteMatch');
         $routeParams = $routeMatch->getParams();
@@ -100,17 +114,6 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             return $this->errorHandler->handle($request);
         }
 
-        // Set token type
-        $type = 'access';
-        if (
-            isset($routeParams['module'])
-            && in_array($routeParams['module'], ['user', 'company'])
-            && isset($routeParams['handler'])
-            && $routeParams['handler'] == 'refresh'
-        ) {
-            $type = 'refresh';
-        }
-
         // Check a token type
         if ($tokenParsed['type'] != $type) {
             $request = $request->withAttribute('status', StatusCodeInterface::STATUS_UNAUTHORIZED);
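Review bot: The new refresh-token selection reads `$routeParams['module']` and `$routeParams['handler']` before `$routeParams` exists, because `$routeMatch`/`$routeParams` are only fetched two lines further down in the same hunk; `isset()` on an undefined variable is silently false, so `$type` stays 'access' and `$token` is never replaced by the refresh-token header. The effect is fail-closed (the refresh route will reject refresh tokens as the wrong type) rather than a bypass, but it defeats the purpose of the commit. Move `$routeMatch = $request->getAttribute('Laminas\Router\RouteMatch');` and `$routeParams = $routeMatch->getParams();` above `$type = 'access';`, and while there make the route comparisons strict — `in_array($routeParams['module'], ['user', 'company'], true)` and `$routeParams['handler'] === 'refresh'` — and likewise `!==` on the surviving `$tokenParsed['type'] != $type` check in the second hunk. The comment `// Set refresh-token to token if its be on true module and handler` would read more clearly as `// On the user/company refresh handlers, validate the refresh-token header instead of the access token`. process() continues outside the hunk.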
diff --git a/src/Service/AccountService.php b/src/Service/AccountService.php
index 343c453..ea0581f 100644
--- a/src/Service/AccountService.php
+++ b/src/Service/AccountService.php
@@ -319,6 +319,19 @@ public function postLoginSuccess($account, $params): array
         $account['roles'] = $this->roleService->getRoleAccount((int)$account['id']);
         $account['roles_full'] = $this->roleService->canonizeAccountRole($account['roles']);
 
+        // Set company data and Get company details if company module loaded
+        $account['is_company_setup'] = false;
+        $account['company_id'] = $user['authorization']['company_id'] ?? 0;
+        $account['company_title'] = $user['authorization']['company']['title'] ?? '';
+        if ($this->hasCompanyService()) {
+            $company = $this->companyService->getCompanyDetails((int)$account['id']);
+            if (!empty($company)) {
+                $account['company_id'] = $company['company_id'];
+                $account['company_title'] = $company['company_title'];
+                $account['is_company_setup'] = true;
+            }
+        }
+
         // Generate access token
         $accessToken = $this->tokenService->encryptToken(
             [
@@ -353,9 +366,6 @@ public function postLoginSuccess($account, $params): array
         $account['multi_factor_verify'] = $multiFactorVerify;
         $account['access_token'] = $accessToken['token'];
         $account['refresh_token'] = $refreshToken['token'];
-        $account['is_company_setup'] = false;
-        $account['company_id'] = $user['authorization']['company_id'] ?? 0;
-        $account['company_title'] = $user['authorization']['company']['title'] ?? '';
         $account['permission'] = [];
         $account['token_payload'] = [
             'iat' => $accessToken['payload']['iat'],
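Review bot: The moved block stores `$company['company_id']` as returned by getCompanyDetails while the fallback path stores `$user['authorization']['company_id'] ?? 0`, so `company_id` is an int on one path and whatever the service returns (possibly a string if it is a raw row) on the other; `$account['company_id'] = (int)$company['company_id'];` keeps both paths consistent, which matters if this value now feeds the encryptToken payload that starts at the end of the hunk. The comment `// Set company data and Get company details if company module loaded` does not say why the lookup was moved ahead of token generation; if the intent is that the access and refresh token payloads carry the resolved company, say so, e.g. `// Resolve company before minting tokens so the payload reflects the current company`. `$user` is not assigned anywhere in the hunk, so its origin is earlier in the method — presumably, verify it is always set on this path. postLoginSuccess continues outside the hunk.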
@@ -372,17 +382,6 @@ public function postLoginSuccess($account, $params): array
             $account['permission'] = $this->permissionService->getPermissionRole($permissionParams);
         }
 
-        // Get company details if company module loaded
-        if ($this->hasCompanyService()) {
-            $company = $this->companyService->getCompanyDetails((int)$account['id']);
-            if (!empty($company)) {
-                // Set company to account if exist
-                $account['company_id'] = $company['company_id'];
-                $account['company_title'] = $company['company_title'];
-                $account['is_company_setup'] = true;
-            }
-        }
-
         // Check company setup
         if (!$account['is_company_setup'] && isset($this->config['login']['get_company']) && (int)$this->config['login']['get_company'] === 1) {
             $isCompanySetup = false;