diff --git a/.env.example b/.env.example index 38e49456..910c61a1 100644 --- a/.env.example +++ b/.env.example @@ -40,3 +40,4 @@ PERMANENT_API_BASE_PATH=${LOCAL_TEMPORARY_AUTH_TOKEN} # See https://fusionauth.io/docs/v1/tech/apis/api-keys FUSION_AUTH_HOST=${FUSION_AUTH_HOST} FUSION_AUTH_KEY=${FUSION_AUTH_KEY} +FUSION_AUTH_APP_ID=${FUSION_AUTH_APP_ID} diff --git a/src/classes/AuthenticationSession.ts b/src/classes/AuthenticationSession.ts index 9d43f3ba..225cfd43 100644 --- a/src/classes/AuthenticationSession.ts +++ b/src/classes/AuthenticationSession.ts @@ -15,10 +15,16 @@ enum FusionAuthStatusCode { export class AuthenticationSession { public authToken = ''; + public refreshToken = ''; + + private authTokenExpiresAt = 0; + public readonly authContext; private readonly fusionAuthClient; + private readonly fusionAuthAppId = process.env.FUSION_AUTH_APP_ID ?? ''; + private twoFactorId = ''; private twoFactorMethods: TwoFactorMethod[] = []; @@ -32,6 +38,32 @@ export class AuthenticationSession { this.promptForPassword(); } + public obtainNewAuthTokenUsingRefreshToken(): void { + this.fusionAuthClient.exchangeRefreshTokenForAccessToken(this.refreshToken, '', '', '', '') + .then((clientResponse) => { + this.authToken = clientResponse.response.access_token ?? ''; + }) + .catch((clientResponse: unknown) => { + const message = isPartialClientResponse(clientResponse) + ? clientResponse.exception.message + : ''; + logger.warn(`Error obtaining refresh token : ${message}`); + this.authContext.reject(); + }); + } + + public tokenExpired(): boolean { + const expirationDate = new Date(this.authTokenExpiresAt); + return expirationDate <= new Date(); + } + + public tokenWouldExpireSoon(xMinutes = 5): boolean { + const expirationDate = new Date(this.authTokenExpiresAt); + const currentTime = new Date(); + const timeDifferenceMinutes = (expirationDate.getTime() - currentTime.getTime()) / (1000 * 60); + return timeDifferenceMinutes <= xMinutes; + } + private promptForPassword(): void { this.authContext.prompt( { @@ -46,6 +78,7 @@ export class AuthenticationSession { private processPasswordResponse([password]: string[]): void { this.fusionAuthClient.login({ + applicationId: this.fusionAuthAppId, loginId: this.authContext.username, password, }).then((clientResponse) => { @@ -57,6 +90,8 @@ export class AuthenticationSession { username: this.authContext.username, }); this.authToken = clientResponse.response.token; + this.authTokenExpiresAt = clientResponse.response.tokenExpirationInstant ?? 0; + this.refreshToken = clientResponse.response.refreshToken ?? ''; this.authContext.accept(); return; } diff --git a/src/classes/SftpSessionHandler.ts b/src/classes/SftpSessionHandler.ts index 5a44112d..f615b552 100644 --- a/src/classes/SftpSessionHandler.ts +++ b/src/classes/SftpSessionHandler.ts @@ -958,6 +958,9 @@ export class SftpSessionHandler { } private getCurrentPermanentFileSystem(): PermanentFileSystem { + if (this.authenticationSession.tokenExpired() || this.authenticationSession.tokenWouldExpireSoon()) { + this.authenticationSession.obtainNewAuthTokenUsingRefreshToken(); + } return this.permanentFileSystemManager .getCurrentPermanentFileSystemForUser( this.authenticationSession.authContext.username,