From d27d776785ecb0876a7d11a856a5abe56a9beaf9 Mon Sep 17 00:00:00 2001
From: David Oduneye <44040421+DOOduneye@users.noreply.github.com>
Date: Sun, 19 May 2024 16:45:06 -0400
Subject: [PATCH] fix: refresh checks the cookies over request body (#853)

---
 backend/entities/auth/base/controller.go | 8 ++++----
 backend/entities/auth/base/models.go | 4 ++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/backend/entities/auth/base/controller.go b/backend/entities/auth/base/controller.go
index cb29fe93d..48396131e 100644
--- a/backend/entities/auth/base/controller.go
+++ b/backend/entities/auth/base/controller.go
@@ -88,8 +88,8 @@ func (a *AuthController) Register(c *fiber.Ctx) error {
 
 // Refresh godoc
 //
-// @Summary Refreshes a user's access token
-// @Description Refreshes a user's access token
+// @Summary Refreshes a user's access token and returns a new pair of tokens
+// @Description Refreshes a user's access token and returns a new pair of tokens
 // @ID refresh-user
 // @Tags auth
 // @Accept json
@@ -100,9 +100,9 @@ func (a *AuthController) Register(c *fiber.Ctx) error {
 // @Failure 500 {object} error
 // @Router /auth/refresh [post]
 func (a *AuthController) Refresh(c *fiber.Ctx) error {
- var refreshBody authEntities.RefreshTokenRequestBody
+ var refreshBody RefreshTokenCookieBody
 
- if err := c.BodyParser(&refreshBody); err != nil {
+ if err := c.CookieParser(&refreshBody); err != nil {
 return utilities.InvalidJSON()
 }
 
diff --git a/backend/entities/auth/base/models.go b/backend/entities/auth/base/models.go
index 32f759f57..a15a48349 100644
--- a/backend/entities/auth/base/models.go
+++ b/backend/entities/auth/base/models.go
@@ -14,3 +14,7 @@ type VerifyPasswordResetTokenRequestBody struct {
 type EmailRequestBody struct {
 Email string `json:"email" validate:"required,email"`
 }
+
+type RefreshTokenCookieBody struct {
+ RefreshToken string `cookie:"refresh_token" validate:"required"`
+}
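Review bot: The failure branch of `c.CookieParser(&refreshBody)` in Refresh still returns `utilities.InvalidJSON()`, so a client with a malformed cookie is told its JSON was invalid although the handler no longer reads a body. The `@Accept json` annotation in the first hunk is stale for the same reason. Because the refresh token is now a cookie that a browser attaches to a cross-site POST on its own, the endpoint depends on the cookie's SameSite, HttpOnly and Secure attributes, or on a separate CSRF check. The code that sets the cookie is not in this diff, so that should be confirmed. A comment such as `// the refresh token is read from the refresh_token cookie; the request body is ignored` above the parse call would record the intent; Refresh's body continues outside the hunk.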
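Review bot: `validate:"required"` on `RefreshToken` only takes effect if Refresh passes the struct to the validator after parsing. As far as I know Fiber's `CookieParser` leaves the field empty rather than returning an error when the cookie is absent. The validation call is not visible in this diff, so confirm that an empty token is rejected before it reaches token verification. The new exported type also has no doc comment; `// RefreshTokenCookieBody binds the refresh_token cookie read by the Refresh handler.` would cover it.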