🔃 fix: Refresh Token Edge Cases (#9625)

* 🔃 fix: Refresh Token Edge Cases * chore: Update parameter type for setAuthTokens function
2025-09-22 06:00:56 +02:00 · 2025-09-13 21:36:45 -04:00 · 2025-09-13 21:36:45 -04:00 · 1a47601533
commit 1a47601533
parent 5245aeea8f
4 changed files with 28 additions and 23 deletions
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@ -357,23 +357,18 @@ const resetPassword = async (userId, token, password) => {

 /**
 * Set Auth Tokens
- *
 * @param {String | ObjectId} userId
- * @param {Object} res
- * @param {String} sessionId
+ * @param {ServerResponse} res
+ * @param {ISession | null} [session=null]
 * @returns
 */
-const setAuthTokens = async (userId, res, sessionId = null) => {
+const setAuthTokens = async (userId, res, _session = null) => {
  try {
-    const user = await getUserById(userId);
-    const token = await generateToken(user);
-
-    let session;
+    let session = _session;
    let refreshToken;
    let refreshTokenExpires;

-    if (sessionId) {
-      session = await findSession({ sessionId: sessionId }, { lean: false });
+    if (session && session._id && session.expiration != null) {
      refreshTokenExpires = session.expiration.getTime();
      refreshToken = await generateRefreshToken(session);
    } else {
@ -383,6 +378,9 @@ const setAuthTokens = async (userId, res, sessionId = null) => {
      refreshTokenExpires = session.expiration.getTime();
    }

+    const user = await getUserById(userId);
+    const token = await generateToken(user);
+
    res.cookie('refreshToken', refreshToken, {
      expires: new Date(refreshTokenExpires),
      httpOnly: true,