Auth/PM-7467- Fix Refresh token issues (#8757)

* PM-7467 - Login Strategy bug - VaultTimeoutSettings will be undefined before the account is activated unless you pass in user ids to retrieve the data. This resulted in refresh tokens always being set into secure storage regardless of a user's vault timeout settings (logout should translate to memory) * PM-7467 - TokenSvc - Fix bug in getRefreshToken which would retrieve the user's refresh token from secure storage even if the user had changed their vault timeout setting to log out which moved the refresh token into memory. Includes a migration to remove the no longer required REFRESH_TOKEN_MIGRATED_TO_SECURE_STORAGE state provider flag. * PM-7467 - Per PR feedback, use IRREVERSIBLE for rollback. Co-authored-by: Jake Fink <jfink@bitwarden.com> * PM-7467 - fix tests * PM-7467 - Fix migrator based on PR feedback. * PM-7467 - Bump migration version --------- Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-12-12 06:13:38 +00:00 · 2024-04-16 14:05:47 -04:00
parent cbb7e1840d
commit 51a6b34cc2
8 changed files with 125 additions and 67 deletions
--- a/libs/auth/src/common/login-strategies/login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.ts
@@ -166,8 +166,8 @@ export abstract class LoginStrategy {

    const userId = accountInformation.sub;

-    const vaultTimeoutAction = await this.stateService.getVaultTimeoutAction();
-    const vaultTimeout = await this.stateService.getVaultTimeout();
+    const vaultTimeoutAction = await this.stateService.getVaultTimeoutAction({ userId });
+    const vaultTimeout = await this.stateService.getVaultTimeout({ userId });

    // set access token and refresh token before account initialization so authN status can be accurate
    // User id will be derived from the access token.