
Commit 2e2cbeb

committed
Destroy session if invalid refresh token is used
1 parent af823f7 commit 2e2cbeb


1 file changed

+30
-13
lines changed


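--- a/Gotrue/Client.cs
+++ b/Gotrue/Client.cs
@@ -488,7 +488,7 @@ public async Task<ResetPasswordForEmailState> ResetPasswordForEmail(ResetPasswor
 
 await RefreshToken();
 
-var user = await _api.GetUser(CurrentSession.AccessToken!);
+var user = await _api.GetUser(CurrentSession.AccessToken);
 CurrentSession.User = user;
 
 return CurrentSession;
@@ -693,13 +693,22 @@ public async Task RefreshToken(string accessToken, string refreshToken)
 if (string.IsNullOrEmpty(accessToken) || string.IsNullOrEmpty(refreshToken))
 throw new GotrueException("No token provided", NoSessionFound);
 
-var result = await _api.RefreshAccessToken(accessToken, refreshToken);
-
-if (result == null || string.IsNullOrEmpty(result.AccessToken))
-throw new GotrueException("Could not refresh token from provided session.", NoSessionFound);
+try
+{
+var result = await _api.RefreshAccessToken(accessToken, refreshToken);
 
-CurrentSession = result;
-NotifyAuthStateChange(TokenRefreshed);
+if (result == null || string.IsNullOrEmpty(result.AccessToken))
+throw new GotrueException("Could not refresh token from provided session.", NoSessionFound);
+
+CurrentSession = result;
+NotifyAuthStateChange(TokenRefreshed);
+}
+catch (GotrueException ex) when (ex.Reason is InvalidRefreshToken)
+{
+DestroySession();
+NotifyAuthStateChange(SignedOut);
+throw;
+}
 }
 
 /// <inheritdoc />
@@ -711,14 +720,22 @@ public async Task RefreshToken()
 if (CurrentSession == null || string.IsNullOrEmpty(CurrentSession?.AccessToken) || string.IsNullOrEmpty(CurrentSession?.RefreshToken))
 throw new GotrueException("No current session.", NoSessionFound);
 
-var result = await _api.RefreshAccessToken(CurrentSession.AccessToken!, CurrentSession.RefreshToken!);
-
-if (result == null || string.IsNullOrEmpty(result.AccessToken))
-throw new GotrueException("Could not refresh token from provided session.", NoSessionFound);
+try
+{
+var result = await _api.RefreshAccessToken(CurrentSession.AccessToken!, CurrentSession.RefreshToken!);
+if (result == null || string.IsNullOrEmpty(result.AccessToken))
+throw new GotrueException("Could not refresh token from provided session.", NoSessionFound);
 
-CurrentSession = result;
+CurrentSession = result;
 
-NotifyAuthStateChange(TokenRefreshed);
+NotifyAuthStateChange(TokenRefreshed);
+}
+catch (GotrueException ex) when (ex.Reason is InvalidRefreshToken)
+{
+DestroySession();
+NotifyAuthStateChange(SignedOut);
+throw;
+}
 }
 
 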
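Review bot: The new `catch` in `RefreshToken(string accessToken, string refreshToken)` calls `DestroySession()` whenever the server reports `InvalidRefreshToken`, without checking that the rejected token is the one `CurrentSession` holds. The tokens there are caller-supplied, so a stale or foreign refresh token would tear down an unrelated, still-valid session; and if the server rotates refresh tokens (not visible here), two overlapping refresh calls could let the losing call wipe the session the winning call just stored. Consider guarding the teardown, e.g. `if (CurrentSession?.RefreshToken == refreshToken) { DestroySession(); NotifyAuthStateChange(SignedOut); }`, and in the parameterless overload capture the token before the await (`var sent = CurrentSession.RefreshToken;`) and compare against that. Whether `DestroySession()` already raises its own state-change notification is not visible in this diff and is worth confirming so listeners do not receive `SignedOut` twice.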
