octoleo
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Roll the refresh_token

This commit is contained in:
Timshel 2024-02-18 16:23:46 +01:00 committed by Jacques B
parent 1e42755187
commit fa3da1bddb
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/db/models/device.rs
View File

@ -1,4 +1,5 @@
use chrono::{NaiveDateTime, Utc};
use data_encoding::BASE64URL;
use crate::{crypto, CONFIG};
use core::fmt;
@ -60,11 +61,8 @@ impl Device {
}
pub fn refresh_tokens(&mut self, user: &super::User, scope: Vec<String>) -> (String, i64) {
// If there is no refresh token, we create one
if self.refresh_token.is_empty() {
use data_encoding::BASE64URL;
self.refresh_token = crypto::encode_random_bytes::<64>(BASE64URL);
}
// Roll the refresh_token to prevent reuse
self.refresh_token = crypto::encode_random_bytes::<64>(BASE64URL);
// Update the expiration of the device and the last update date
let time_now = Utc::now();