From 9dfcea88c99309f289fefa30bf321c345ddbf6c1 Mon Sep 17 00:00:00 2001
From: Dries Vanspauwen
Date: Sat, 24 Aug 2024 19:56:44 +0000
Subject: [PATCH] set oauth expirations & refresh token fix
---
 module/ApiBundle/Controller/OAuthController.php | 13 +++++++------
 module/ApiBundle/Entity/Token.php | 2 +-
 module/ApiBundle/Entity/Token/Refresh.php | 2 +-
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/module/ApiBundle/Controller/OAuthController.php b/module/ApiBundle/Controller/OAuthController.php
index 8a882e7356..2230def9d5 100644
--- a/module/ApiBundle/Controller/OAuthController.php
+++ b/module/ApiBundle/Controller/OAuthController.php
@@ -305,28 +305,29 @@ public function tokenAction()
 return $this->error(401, 'Unknown client_id');
 }
- $accessToken = new AccessToken(
+ $newAccessToken = new AccessToken(
 $refreshToken->getPerson(),
 $refreshToken->getAuthorizationCode()
 );
- $this->getEntityManager()->persist($accessToken);
+ $this->getEntityManager()->persist($newAccessToken);
- $refreshToken = new RefreshToken(
+ $newRefreshToken = new RefreshToken(
 $refreshToken->getPerson(),
 $refreshToken->getAuthorizationCode(),
 $key
 );
- $this->getEntityManager()->persist($refreshToken);
 $refreshToken->exchange();
+ $this->getEntityManager()->persist($refreshToken);
+ $this->getEntityManager()->persist($newRefreshToken);
 $this->getEntityManager()->flush();
 $result = array(
- 'access_token' => $accessToken->getCode(),
+ 'access_token' => $newAccessToken->getCode(),
 'expires_in' => AccessToken::DEFAULT_EXPIRATION_TIME,
 'token_type' => 'Bearer',
- 'refresh_token' => $refreshToken->getCode(),
+ 'refresh_token' => $newRefreshToken->getCode(),
 );
 return new ViewModel(
diff --git a/module/ApiBundle/Entity/Token.php b/module/ApiBundle/Entity/Token.php
index 3961d50fba..d654c238d4 100644
--- a/module/ApiBundle/Entity/Token.php
+++ b/module/ApiBundle/Entity/Token.php
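Review bot: In the refresh-token branch of `tokenAction()` in OAuthController.php, `$refreshToken->exchange()` now marks the presented token, but rotation only prevents replay if the lookup above this hunk rejects refresh tokens that are already exchanged or expired; that code is not visible here, so confirm it and cover it with a test that presents the same refresh token twice. A second presentation of an already-exchanged token is the signal the OAuth 2.0 Security Best Current Practice uses to detect a leaked refresh token, so consider logging it and revoking the tokens issued under the same authorization code rather than only returning an error. The rotation step deserves a comment such as `// Rotate: invalidate the presented refresh token; $newRefreshToken replaces it`. The `persist($refreshToken)` call looks redundant if the entity was loaded through this entity manager, though it is harmless; `tokenAction()` begins and ends outside the hunk.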
@@ -21,7 +21,7 @@
 */
 abstract class Token
 {
- const DEFAULT_EXPIRATION_TIME = 604800;
+ const DEFAULT_EXPIRATION_TIME = 3600; // 1 hour
 /**
 * @var string The ID of this authorization code
diff --git a/module/ApiBundle/Entity/Token/Refresh.php b/module/ApiBundle/Entity/Token/Refresh.php
index 49423f23de..6423e5faeb 100644
--- a/module/ApiBundle/Entity/Token/Refresh.php
+++ b/module/ApiBundle/Entity/Token/Refresh.php
@@ -16,7 +16,7 @@
 */
 class Refresh extends \ApiBundle\Entity\Token
 {
- const DEFAULT_EXPIRATION_TIME = 1209600;
+ const DEFAULT_EXPIRATION_TIME = 604800; // 1 week
 /**
 * @var Key The API key that can refresh the access token
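Review bot: The shorter `DEFAULT_EXPIRATION_TIME` in Token.php, and likewise in Token/Refresh.php, probably bounds only tokens created after deployment, because the expiry appears to be computed from the constant at construction and stored, which neither hunk shows. If so, access tokens issued earlier stay valid for up to 7 days and refresh tokens for up to 14, so consider expiring or purging outstanding tokens as part of the rollout. `Token` is abstract, so also check whether any other subclass inherits the 3600-second default without meaning to. The trailing comments would be clearer with the unit stated, e.g. `const DEFAULT_EXPIRATION_TIME = 3600; // seconds (1 hour)`. Both class bodies continue outside the hunks.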