Skip to content

Commit

Permalink
Fix/GH-137-RefreshToken-Reuse-Bug (#35)
Browse files Browse the repository at this point in the history
  • Loading branch information
@inh2613
inh2613 authored Jul 25, 2023
2 parents b7bf7ab + b94a8dc commit cc8e58d
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions src/main/java/org/swmaestro/repl/gifthub/auth/controller/AuthController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,17 +44,19 @@ public TokenDto signIn(@RequestBody SignInDto loginDto) {
}

@PostMapping("/refresh")
@Operation(summary = "Refresh Token을 이용한 Access Token 재발급 메서드", description = "Refresh Token을 이용하여 Access Token을 재발급 받기 위한 메서드입니다.")
@Operation(summary = "Refresh Token을 이용한 New RefreshToken, New Access Token 발급 메서드", description = "Refresh Token을 이용하여 새로운 Refresh Token, Access Token을 발급 받기 위한 메서드입니다.")
public TokenDto reissueAccessToken(@RequestHeader("Authorization") String refreshToken) {
String newAccessToken = refreshTokenService.createNewAccessTokenByValidateRefreshToken(refreshToken);

refreshToken = refreshToken.substring(7);
String newRefreshToken = refreshTokenService.createNewRefreshTokenByValidateRefreshToken(refreshToken);

TokenDto tokenDto = TokenDto.builder()
.accessToken(newAccessToken)
.refreshToken(refreshToken)
.refreshToken(newRefreshToken)
.build();

refreshToken = refreshToken.substring(7);
refreshTokenService.storeRefreshToken(tokenDto, jwtProvider.getUsername(refreshToken));

return tokenDto;
}

Expand Down

0 comments on commit cc8e58d

Please sign in to comment.