From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 25 Jun 2025 13:18:19 +0000 (+0000)
Subject: client: Require full authentication when the refresh token has expired
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed0ba9d516d56861ed733e2f9b9a3f0d7b9254dd;p=pakfire.git

client: Require full authentication when the refresh token has expired

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/pakfire/client.c b/src/pakfire/client.c
index 4037e69b..7da899fe 100644
--- a/src/pakfire/client.c
+++ b/src/pakfire/client.c
@@ -151,6 +151,8 @@ ERROR:
 static int pakfire_client_auth_response(struct pakfire_xfer* xfer,
 	pakfire_xfer_error_code_t code, json_object* response, void* data);
 
+static int pakfire_client_auth_required(struct pakfire_client* self);
+
 /*
 	Triggers a refresh of the access and refresh tokens
 */
@@ -163,6 +165,10 @@ static int pakfire_client_auth_refresh(struct pakfire_client* self) {
 	if (!*self->auth.refresh_token)
 		return -ENOTSUP;
 
+	// Require authentication if the refresh token has completely expired
+	if (pakfire_jwt_has_expired(self->auth.refresh_token))
+		return pakfire_client_auth_required(self);
+
 	// Log action
 	DEBUG(self->ctx, "Refreshing authentication tokens...\n");