client: Require full authentication when the refresh token has expired

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/pakfire/client.c b/src/pakfire/client.c
index 4037e69b124a49361cb1cd2566626fa52cef621b..7da899fec92c51ae675ee34c6ba05e6f5f787f3f 100644 (file)
--- a/src/pakfire/client.c
+++ b/src/pakfire/client.c
@@ -151,6 +151,8 @@ ERROR:
 static int pakfire_client_auth_response(struct pakfire_xfer* xfer,
        pakfire_xfer_error_code_t code, json_object* response, void* data);
 
+static int pakfire_client_auth_required(struct pakfire_client* self);
+
 /*
        Triggers a refresh of the access and refresh tokens
 */
@@ -163,6 +165,10 @@ static int pakfire_client_auth_refresh(struct pakfire_client* self) {
        if (!*self->auth.refresh_token)
                return -ENOTSUP;
 
+       // Require authentication if the refresh token has completely expired
+       if (pakfire_jwt_has_expired(self->auth.refresh_token))
+               return pakfire_client_auth_required(self);
+
        // Log action
        DEBUG(self->ctx, "Refreshing authentication tokens...\n");