From c98c4475059f2c2b1fbd6b8da9ce0317e68840fe Mon Sep 17 00:00:00 2001 From: tamassoltesz Date: Mon, 28 Oct 2024 09:21:35 +0100 Subject: [PATCH] fix: changinf jti + comma handling --- .../io/supertokens/storage/postgresql/Start.java | 4 ++-- .../storage/postgresql/queries/OAuthQueries.java | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/java/io/supertokens/storage/postgresql/Start.java b/src/main/java/io/supertokens/storage/postgresql/Start.java index a7800301..ade74a27 100644 --- a/src/main/java/io/supertokens/storage/postgresql/Start.java +++ b/src/main/java/io/supertokens/storage/postgresql/Start.java @@ -3287,11 +3287,11 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce @Override public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId, String externalRefreshToken, String internalRefreshToken, - String sessionHandle, List jtis, long exp) + String sessionHandle, String jti, long exp) throws StorageQueryException, OAuthClientNotFoundException { try { OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken, - internalRefreshToken, sessionHandle, jtis, exp); + internalRefreshToken, sessionHandle, jti, exp); } catch (SQLException e) { ServerErrorMessage errorMessage = ((PSQLException) e).getServerErrorMessage(); PostgreSQLConfig config = Config.getConfig(this); diff --git a/src/main/java/io/supertokens/storage/postgresql/queries/OAuthQueries.java b/src/main/java/io/supertokens/storage/postgresql/queries/OAuthQueries.java index 58a26efd..43c66432 100644 --- a/src/main/java/io/supertokens/storage/postgresql/queries/OAuthQueries.java +++ b/src/main/java/io/supertokens/storage/postgresql/queries/OAuthQueries.java 
@@ -163,15 +163,15 @@ public static OAuthClient getOAuthClientById(Start start, String clientId, AppId public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIdentifier, @NotNull String gid, @NotNull String clientId, String externalRefreshToken, String internalRefreshToken, String sessionHandle, - List jtis, long exp) + String jti, long exp) throws SQLException, StorageQueryException { String sessionTable = Config.getConfig(start).getOAuthSessionsTable(); String QUERY = "INSERT INTO " + sessionTable + " (gid, client_id, app_id, external_refresh_token, internal_refresh_token, session_handle, jti, exp) VALUES (?, ?, ?, ?, ?, ?, ?, ?) " + "ON CONFLICT (gid) DO UPDATE SET external_refresh_token = ?, internal_refresh_token = ?, " + - "session_handle = ? , jti = CONCAT("+sessionTable+".jti, ',' , ?), exp = ?"; + "session_handle = ? , jti = CONCAT("+sessionTable+".jti, ?), exp = ?"; update(start, QUERY, pst -> { - String jtiDbValue = jtis == null ? null : String.join(",", jtis); + String jtiToInsert = jti + ","; pst.setString(1, gid); pst.setString(2, clientId); @@ -179,13 +179,13 @@ public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIden pst.setString(4, externalRefreshToken); pst.setString(5, internalRefreshToken); pst.setString(6, sessionHandle); - pst.setString(7, jtiDbValue); + pst.setString(7, jtiToInsert); //the starting list element also has to have a "," at the end as the remove removes "jti + ," pst.setLong(8, exp); pst.setString(9, externalRefreshToken); pst.setString(10, internalRefreshToken); pst.setString(11, sessionHandle); - pst.setString(12, jtiDbValue); + pst.setString(12, jtiToInsert); pst.setLong(13, exp); }); } 
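Review bot: `String jtiToInsert = jti + ",";` turns a null `jti` into the literal entry `null,`, because Java string concatenation renders null as text; the removed line passed null through to the statement instead. The same value is bound at parameters 7 and 12 in the following hunk (@@ -179,13), so both the INSERT and the ON CONFLICT branch would store that phantom entry in the session's jti list. Either reject it up front with `Objects.requireNonNull(jti, "jti");` or keep the pass-through with `String jtiToInsert = jti == null ? null : jti + ",";`, depending on whether callers may legitimately pass null, which is not visible here. A `jti` that itself contains `,` would also be stored as several entries, so the delimiter assumption deserves a check or at least a comment. The method body continues past this hunk.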
@@ -283,7 +283,7 @@ public static boolean deleteJTIFromOAuthSession(Start start, AppIdentifier appId + " SET jti = REPLACE(jti, ?, '')" // deletion means replacing the jti with empty char + " WHERE app_id = ? and gid = ?"; int numberOfRows = update(start, DELETE, pst -> { - pst.setString(1, jti); + pst.setString(1, jti + ","); //removing with the "," to not leave behind trash pst.setString(2, appIdentifier.getAppId()); pst.setString(3, gid); });
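Review bot: `REPLACE(jti, ?, '')` with the parameter `jti + ","` is still a substring match, so it removes that text wherever it occurs, including the tail of a longer entry (constructed example: deleting `abc` also cuts `xabc,` down to `x`). It also does nothing for the last entry of a row written in the previous `a,b,c` format, which has no trailing comma; the UPDATE presumably still reports a matched row there, so the caller may treat the jti as removed while it stays in the list. Matching whole entries avoids both, for example `SET jti = array_to_string(array_remove(string_to_array(jti, ','), ?), ',')` with the bare `jti` bound as parameter 1. A null `jti` becomes the search string `null,` on this line as well. deleteJTIFromOAuthSession starts before and continues after this hunk.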