From d34f0d78f122a030733f2a74c33b86d79fc26095 Mon Sep 17 00:00:00 2001 From: tamassoltesz Date: Mon, 28 Oct 2024 09:18:55 +0100 Subject: [PATCH] fix: changing comma handling with jti listing --- .../java/io/supertokens/storage/mysql/Start.java | 4 ++-- .../storage/mysql/queries/OAuthQueries.java | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/java/io/supertokens/storage/mysql/Start.java b/src/main/java/io/supertokens/storage/mysql/Start.java index 1900324..388c6c7 100644 --- a/src/main/java/io/supertokens/storage/mysql/Start.java +++ b/src/main/java/io/supertokens/storage/mysql/Start.java @@ -3210,11 +3210,11 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce @Override public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId, String externalRefreshToken, String internalRefreshToken, - String sessionHandle, List jtis, long exp) + String sessionHandle, String jti, long exp) throws StorageQueryException, OAuthClientNotFoundException { try { OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken, - internalRefreshToken, sessionHandle, jtis, exp); + internalRefreshToken, sessionHandle, jti, exp); } catch (SQLException e) { if (e instanceof SQLIntegrityConstraintViolationException) { String errorMessage = e.getMessage(); diff --git a/src/main/java/io/supertokens/storage/mysql/queries/OAuthQueries.java b/src/main/java/io/supertokens/storage/mysql/queries/OAuthQueries.java index db4c43a..a459b55 100644 --- a/src/main/java/io/supertokens/storage/mysql/queries/OAuthQueries.java +++ b/src/main/java/io/supertokens/storage/mysql/queries/OAuthQueries.java 
@@ -133,14 +133,14 @@ public static OAuthClient getOAuthClientById(Start start, String clientId, AppId public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIdentifier, @NotNull String gid, @NotNull String clientId, String externalRefreshToken, String internalRefreshToken, String sessionHandle, - List jtis, long exp) + String jti, long exp) throws SQLException, StorageQueryException { String QUERY = "INSERT INTO " + Config.getConfig(start).getOAuthSessionsTable() + " (gid, client_id, app_id, external_refresh_token, internal_refresh_token, session_handle, jti, exp) VALUES (?, ?, ?, ?, ?, ?, ?, ?) " + "ON DUPLICATE KEY UPDATE external_refresh_token = ?, internal_refresh_token = ?, " + - "session_handle = ? , jti = CONCAT(jti, ',' , ?), exp = ?"; + "session_handle = ? , jti = CONCAT(jti , ?), exp = ?"; update(start, QUERY, pst -> { - String jtiDbValue = jtis == null ? null : String.join(",", jtis); + String jtiToInsert = jti + ","; //every jti value ends with ',' pst.setString(1, gid); pst.setString(2, clientId); @@ -148,13 +148,13 @@ public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIden pst.setString(4, externalRefreshToken); pst.setString(5, internalRefreshToken); pst.setString(6, sessionHandle); - pst.setString(7, jtiDbValue); + pst.setString(7, jtiToInsert); // the starting list element also has to have a comma as the delete removes "jti + ," pst.setLong(8, exp); pst.setString(9, externalRefreshToken); pst.setString(10, internalRefreshToken); pst.setString(11, sessionHandle); - pst.setString(12, jtiDbValue); + pst.setString(12, jtiToInsert); pst.setLong(13, exp); }); } 
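Review bot: `String jtiToInsert = jti + ",";` turns a null `jti` into the literal text `null,`, which is then stored on insert and appended on every update, whereas the removed line mapped a null list to SQL NULL. `gid` and `clientId` carry `@NotNull` in this signature but `jti` does not, so I would reject it before calling `update(...)`, e.g. `if (jti == null) throw new IllegalArgumentException("jti must not be null");`. Separately, values written by the previous code have no trailing comma, so `CONCAT(jti , ?)` on such a row fuses the old last entry with the new one (`a,b` becomes `a,bc,`). If such rows can exist in deployed databases, a one-off migration that appends the comma is needed alongside this change.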
@@ -251,7 +251,7 @@ public static boolean deleteJTIFromOAuthSession(Start start, AppIdentifier appId + " SET jti = REPLACE(jti, ?, '')" // deletion means replacing the jti with empty char + " WHERE app_id = ? and gid = ?"; int numberOfRows = update(start, DELETE, pst -> { - pst.setString(1, jti); + pst.setString(1, jti + ","); pst.setString(2, appIdentifier.getAppId()); pst.setString(3, gid); });
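Review bot: `REPLACE(jti, ?, '')` bound to `jti + ","` is still an unanchored substring match, so it strips that text wherever it occurs in the column rather than only at an element boundary. A jti that is a suffix of another stored jti would truncate the longer entry, and REPLACE removes every occurrence, not just one; this is unlikely if jtis are fixed-length random ids, but nothing visible here enforces that. Since this list presumably decides which token ids are still tied to the session, I would delimit both sides (store `,<jti>,` and replace it with `,`) or keep one row per jti so deletion is an exact match. The statement and the method's return handling start and end outside the hunk.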