From 4ec22439fbce4430fcae019655b696bd0752e2bc Mon Sep 17 00:00:00 2001
From: Akhil
Date: Fri, 13 Jun 2025 12:30:20 +0530
Subject: [PATCH 1/2] fix for totp migration: get new admin access token upon expiry
---
 lib/Service/SSOService.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php
index 31263245..f8c48e17 100644
--- a/lib/Service/SSOService.php
+++ b/lib/Service/SSOService.php
@@ -19,6 +19,7 @@ class SSOService {
 private ILogger $logger;
 private array $ssoConfig = [];
 private string $adminAccessToken;
+ private int $adminAccessTokenExpiresAt;
 private string $currentUserId;
 private string $currentUserName;
 private ICrypto $crypto;
@@ -200,7 +201,11 @@ class SSOService {
 }
 private function getAdminAccessToken() : void {
- if (!empty($this->adminAccessToken)) {
+ // Check if admin access token exists and has not expired
+ // Use a grace period of 10 seconds to account for network latencies
+ if (!empty($this->adminAccessToken)
+ && !empty($this->adminAccessTokenExpiresAt)
+ && (time() < ($this->adminAccessTokenExpiresAt - 10))) {
 return;
 }
 $adminAccessTokenRoute = $this->ssoConfig['root_url'] . self::ADMIN_TOKEN_ENDPOINT;
@@ -228,6 +233,7 @@ class SSOService {
 throw new SSOAdminAccessTokenException('Error: admin access token not set in response!');
 }
 $this->adminAccessToken = $response['access_token'];
+ $this->adminAccessTokenExpiresAt = time() + (int) $response['expires_in'];
 }
 private function callSSOAPI(string $url, string $method, array $data = [], int $expectedStatusCode = 200) :?array {
-- GitLab
From f4405d12d150e1240dd49463619b3d8f7899fb53 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Fri, 13 Jun 2025 15:53:34 +0530
Subject: [PATCH 2/2] Reset admin access token to defaults if not found or expired
---
 lib/Service/SSOService.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
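Review bot: `expires_in` is read without validation in the last added line of the third hunk of patch 1/2 (`$this->adminAccessTokenExpiresAt = time() + (int) $response['expires_in'];`); the guard visible just above it only rejects a missing `access_token`. If the SSO response omits the field or returns a lifetime of 10 seconds or less, the `(int)` cast leaves the expiry at or near `time()`, the grace-period check can never pass, and every call requests a fresh token, which (judging from the request body built below the cache check) appears to resend the admin credentials each time. I would validate it before storing, e.g. `$expiresIn = (int) ($response['expires_in'] ?? 0);` followed by `if ($expiresIn <= 0) { throw new SSOAdminAccessTokenException('Error: expires_in not set in response!'); }`, or at least log the condition. getAdminAccessToken() starts outside this hunk.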
diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php
index f8c48e17..8436d8eb 100644
--- a/lib/Service/SSOService.php
+++ b/lib/Service/SSOService.php
@@ -18,8 +18,8 @@ class SSOService {
 private CurlService $curl;
 private ILogger $logger;
 private array $ssoConfig = [];
- private string $adminAccessToken;
- private int $adminAccessTokenExpiresAt;
+ private string $adminAccessToken = '';
+ private int $adminAccessTokenExpiresAt = 0;
 private string $currentUserId;
 private string $currentUserName;
 private ICrypto $crypto;
@@ -204,10 +204,12 @@ class SSOService {
 // Check if admin access token exists and has not expired
 // Use a grace period of 10 seconds to account for network latencies
 if (!empty($this->adminAccessToken)
- && !empty($this->adminAccessTokenExpiresAt)
+ && $this->adminAccessTokenExpiresAt !== 0
 && (time() < ($this->adminAccessTokenExpiresAt - 10))) {
 return;
 }
+ $this->adminAccessToken = '';
+ $this->adminAccessTokenExpiresAt = 0;
 $adminAccessTokenRoute = $this->ssoConfig['root_url'] . self::ADMIN_TOKEN_ENDPOINT;
 $requestBody = [
 'username' => $this->ssoConfig['admin_username'],
-- GitLab
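Review bot: The `$this->adminAccessTokenExpiresAt !== 0` clause in the cache check of the second hunk is redundant now that the property defaults to 0, because `time() < (0 - 10)` is already false; dropping it leaves a simpler two-clause condition. `!empty($this->adminAccessToken)` also treats the string '0' as unset, so `$this->adminAccessToken !== ''` would match the strict comparison style used beside it. The literal 10 would be easier to audit as a named class constant next to `ADMIN_TOKEN_ENDPOINT`, e.g. `private const ADMIN_TOKEN_EXPIRY_GRACE_SECONDS = 10;`. getAdminAccessToken() starts and ends outside this hunk.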