forked from mystiq/dex
Merge pull request #848 from ericchiang/fix-sql-where-statement
storage/sql: add missing WHERE statement to refresh token update
This commit is contained in:
commit
d31bb1c8d5
2 changed files with 32 additions and 1 deletions
|
@ -269,6 +269,32 @@ func testRefreshTokenCRUD(t *testing.T, s storage.Storage) {
|
|||
|
||||
getAndCompare(id, refresh)
|
||||
|
||||
id2 := storage.NewID()
|
||||
refresh2 := storage.RefreshToken{
|
||||
ID: id2,
|
||||
Token: "bar_2",
|
||||
Nonce: "foo_2",
|
||||
ClientID: "client_id_2",
|
||||
ConnectorID: "client_secret",
|
||||
Scopes: []string{"openid", "email", "profile"},
|
||||
CreatedAt: time.Now().UTC().Round(time.Millisecond),
|
||||
LastUsed: time.Now().UTC().Round(time.Millisecond),
|
||||
Claims: storage.Claims{
|
||||
UserID: "2",
|
||||
Username: "john",
|
||||
Email: "john.doe@example.com",
|
||||
EmailVerified: true,
|
||||
Groups: []string{"a", "b"},
|
||||
},
|
||||
ConnectorData: []byte(`{"some":"data"}`),
|
||||
}
|
||||
|
||||
if err := s.CreateRefresh(refresh2); err != nil {
|
||||
t.Fatalf("create second refresh token: %v", err)
|
||||
}
|
||||
|
||||
getAndCompare(id2, refresh2)
|
||||
|
||||
updatedAt := time.Now().UTC().Round(time.Millisecond)
|
||||
|
||||
updater := func(r storage.RefreshToken) (storage.RefreshToken, error) {
|
||||
|
@ -283,6 +309,9 @@ func testRefreshTokenCRUD(t *testing.T, s storage.Storage) {
|
|||
refresh.LastUsed = updatedAt
|
||||
getAndCompare(id, refresh)
|
||||
|
||||
// Ensure that updating the first token doesn't impact the second. Issue #847.
|
||||
getAndCompare(id2, refresh2)
|
||||
|
||||
if err := s.DeleteRefresh(id); err != nil {
|
||||
t.Fatalf("failed to delete refresh request: %v", err)
|
||||
}
|
||||
|
|
|
@ -299,12 +299,14 @@ func (c *conn) UpdateRefreshToken(id string, updater func(old storage.RefreshTok
|
|||
token = $11,
|
||||
created_at = $12,
|
||||
last_used = $13
|
||||
where
|
||||
id = $14
|
||||
`,
|
||||
r.ClientID, encoder(r.Scopes), r.Nonce,
|
||||
r.Claims.UserID, r.Claims.Username, r.Claims.Email, r.Claims.EmailVerified,
|
||||
encoder(r.Claims.Groups),
|
||||
r.ConnectorID, r.ConnectorData,
|
||||
r.Token, r.CreatedAt, r.LastUsed,
|
||||
r.Token, r.CreatedAt, r.LastUsed, id,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update refresh token: %v", err)
|
||||
|
|
Loading…
Reference in a new issue