OXDEV-8525 Check how to refresh token

Author: TitaKoleva

src/Framework/RequestReader.php

@@ -17,6 +17,7 @@
 use OxidEsales\EshopCommunity\Core\Registry;
 use OxidEsales\GraphQL\Base\Exception\UnableToParseToken;
 use OxidEsales\GraphQL\Base\Service\JwtConfigurationBuilder;
+use OxidEsales\GraphQL\Base\Service\RefreshTokenServiceInterface;
 use OxidEsales\GraphQL\Base\Service\TokenValidator;
 
 use function apache_request_headers;
@@ -41,7 +42,7 @@ public function __construct(
      */
     public function getAuthToken(): ?UnencryptedToken
     {
-        $authHeader = $this->getAuthorizationHeader();
+        $authHeader = $this->getAuthorizationHeader() ?: $this->getAuthCookie();
 
         if ($authHeader === null) {
             return null;
@@ -64,6 +65,11 @@ public function getAuthToken(): ?UnencryptedToken
             throw new UnableToParseToken();
         }
 
+        // using refresh token might not be necessary
+//        if ($authHeader === $this->getAuthCookie()) {
+//            $token = $this->refreshTokenService->refreshTokenCookie($token);
+//        }
+
         $this->tokenValidator->validateToken($token);
 
         return $token;
@@ -146,10 +152,6 @@ private function getAuthorizationHeader(): ?string
             return $value;
         }
 
-        if ($authCookie = $this->getAuthCookie()) {
-            return 'Bearer ' . $authCookie;
-        }
-
         if (function_exists('apache_request_headers')) {
             $headers = apache_request_headers();
 
@@ -167,7 +169,9 @@ private function getAuthorizationHeader(): ?string
 
     private function getAuthCookie(): ?string
     {
-        return (string) Registry::getUtilsServer()->getOxCookie('oxapi_jwt');
+        $authCookie = (string) Registry::getUtilsServer()->getOxCookie('oxapi_jwt');
+//        var_dump($authCookie);
+        return $authCookie ? 'Bearer ' . $authCookie : null;
     }
 
     private function getRegularHeaderValue(): ?string

src/Service/RefreshTokenService.php

@@ -9,6 +9,8 @@
 
 namespace OxidEsales\GraphQL\Base\Service;
 
+use Lcobucci\JWT\UnencryptedToken;
+use OxidEsales\EshopCommunity\Core\Registry;
 use OxidEsales\GraphQL\Base\DataType\UserInterface;
 use OxidEsales\GraphQL\Base\Infrastructure\RefreshTokenRepositoryInterface;
 
@@ -46,4 +48,20 @@ public function refreshToken(string $refreshToken, string $fingerprintHash): str
 
         return $newToken->toString();
     }
+
+    public function refreshTokenCookie(UnencryptedToken $token): UnencryptedToken
+    {
+        $expTime = $token->claims()->get('exp')->getTimestamp();
+        if ($expTime > time()) {
+            return $token;
+        }
+
+        $refreshToken = (string) Registry::getUtilsServer()->getOxCookie('oxapi_refresh');
+        $user = $this->refreshTokenRepository->getTokenUser($refreshToken);
+        $newToken = $this->tokenService->createTokenForUser($user);
+        $newExpTime = $newToken->claims()->get('exp')->getTimestamp();
+        Registry::getUtilsServer()->setOxCookie('oxapi_jwt', $newToken->toString(), $newExpTime,null, null, false);
+
+        return $newToken;
+    }
 }

src/Service/TokenValidator.php

@@ -10,6 +10,7 @@
 namespace OxidEsales\GraphQL\Base\Service;
 
 use Lcobucci\JWT\UnencryptedToken;
+use OxidEsales\EshopCommunity\Core\Registry;
 use OxidEsales\GraphQL\Base\Exception\InvalidToken;
 use OxidEsales\GraphQL\Base\Exception\TokenUserBlocked;
 use OxidEsales\GraphQL\Base\Exception\UnknownToken;