From 2daefb2a813926bcbdcf533ec60fe42ac84b8c4d Mon Sep 17 00:00:00 2001
From: James Mikrut
Date: Fri, 28 Jun 2024 11:20:49 -0400
Subject: [PATCH] chore: removes unused token arg to refresh operation (#6977)
## Description
Duplicate of #6976 for 3.x
---
 docs/authentication/operations.mdx | 9 +--------
 packages/graphql/src/resolvers/auth/refresh.ts | 13 ++-----------
 packages/graphql/src/schema/initCollections.ts | 3 ---
 packages/next/src/routes/rest/auth/refresh.ts | 16 +---------------
 packages/payload/src/auth/operations/refresh.ts | 3 +--
 5 files changed, 5 insertions(+), 39 deletions(-)
diff --git a/docs/authentication/operations.mdx b/docs/authentication/operations.mdx
index 1bc1979f01..103ab2f002 100644
--- a/docs/authentication/operations.mdx
+++ b/docs/authentication/operations.mdx
@@ -191,7 +191,7 @@ mutation {
 ## Refresh
-Allows for "refreshing" JWTs. If your user has a token that is about to expire, but the user is still active and using the app, you might want to use the `refresh` operation to receive a new token by sending the operation the token that is about to expire.
+Allows for "refreshing" JWTs. If your user has a token that is about to expire, but the user is still active and using the app, you might want to use the `refresh` operation to receive a new token by executing this operation via the authenticated user.
 This operation requires a non-expired token to send back a new one. If the user's token has already expired, you will need to allow them to log in again to retrieve a new token.
@@ -237,13 +237,6 @@ mutation {
 }
 ```
-
- The Refresh operation will automatically find the user's token in either a JWT header or the
- HTTP-only cookie. But, you can specify the token you're looking to refresh by providing the REST
- API with a `token` within the JSON body of the request, or by providing the GraphQL resolver a
- `token` arg.
-
-
 ## Verify by Email
 If your collection supports email verification, the Verify operation will be exposed which accepts a verification token and sets the user's `_verified` property to `true`, thereby allowing the user to authenticate with the Payload API.
diff --git a/packages/graphql/src/resolvers/auth/refresh.ts b/packages/graphql/src/resolvers/auth/refresh.ts
index 0722fed8a3..e2af3916ae 100644
--- a/packages/graphql/src/resolvers/auth/refresh.ts
+++ b/packages/graphql/src/resolvers/auth/refresh.ts
@@ -1,24 +1,15 @@
 import type { Collection } from 'payload'
-import { extractJWT, generatePayloadCookie, isolateObjectProperty, refreshOperation } from 'payload'
+import { generatePayloadCookie, isolateObjectProperty, refreshOperation } from 'payload'
 import type { Context } from '../types.js'
 function refreshResolver(collection: Collection): any {
- async function resolver(_, args, context: Context) {
- let token
-
- token = extractJWT(context.req)
-
- if (args.token) {
- token = args.token
- }
-
+ async function resolver(_, __, context: Context) {
 const options = {
 collection,
 depth: 0,
 req: isolateObjectProperty(context.req, 'transactionID'),
- token,
 }
 const result = await refreshOperation(options)
diff --git a/packages/graphql/src/schema/initCollections.ts b/packages/graphql/src/schema/initCollections.ts
index a7395c058e..75b3aedcb4 100644
--- a/packages/graphql/src/schema/initCollections.ts
+++ b/packages/graphql/src/schema/initCollections.ts
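Review bot: In packages/graphql/src/resolvers/auth/refresh.ts, the new `resolver(_, __, context: Context)` no longer shows where the caller's identity comes from, since the `token` local and the `token` entry in `options` are both gone. A one-line comment above `const options` would keep that visible to the next reader, for example `// No token argument: refreshOperation acts on context.req.user and rejects the request when it is absent.` Clients that still pass a `token` argument will presumably fail schema validation now that initCollections.ts drops the arg, which deserves a line in the release notes even though the commit is labelled `chore`. The resolver body continues past the end of this hunk.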
@@ -416,9 +416,6 @@ function initCollectionsGraphQL({ config, graphqlResult }: InitCollectionsGraphQ
 },
 },
 }),
- args: {
- token: { type: GraphQLString },
- },
 resolve: refresh(collection),
 }
diff --git a/packages/next/src/routes/rest/auth/refresh.ts b/packages/next/src/routes/rest/auth/refresh.ts
index bc65e441d4..9c77ca90c3 100644
--- a/packages/next/src/routes/rest/auth/refresh.ts
+++ b/packages/next/src/routes/rest/auth/refresh.ts
@@ -1,5 +1,5 @@
 import httpStatus from 'http-status'
-import { extractJWT, generatePayloadCookie, refreshOperation } from 'payload'
+import { generatePayloadCookie, refreshOperation } from 'payload'
 import type { CollectionRouteHandler } from '../types.js'
@@ -7,29 +7,15 @@ import { headersWithCors } from '../../../utilities/headersWithCors.js'
 export const refresh: CollectionRouteHandler = async ({ collection, req }) => {
 const { t } = req
-const token = typeof req.data?.token === 'string' ? req.data.token : extractJWT(req)
 const headers = headersWithCors({
 headers: new Headers(),
 req,
 })
- if (!token) {
- return Response.json(
- {
- message: t('error:tokenNotProvided'),
- },
- {
- headers,
- status: httpStatus.UNAUTHORIZED,
- },
- )
- }
-
 const result = await refreshOperation({
 collection,
 req,
- token,
 })
 if (result.setCookie) {
diff --git a/packages/payload/src/auth/operations/refresh.ts b/packages/payload/src/auth/operations/refresh.ts
index 65a668f2e0..345575a294 100644
--- a/packages/payload/src/auth/operations/refresh.ts
+++ b/packages/payload/src/auth/operations/refresh.ts
@@ -22,7 +22,6 @@ export type Result = {
 export type Arguments = {
 collection: Collection
 req: PayloadRequestWithData
- token: string
 }
 export const refreshOperation = async (incomingArgs: Arguments): Promise => {
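Review bot: In packages/next/src/routes/rest/auth/refresh.ts, the early `if (!token)` return is removed without a replacement, so a request without credentials is no longer answered here with `httpStatus.UNAUTHORIZED` and the CORS `headers` built just above. It now falls through to `refreshOperation`, whose only gate is `if (!args.req.user) throw new Forbidden(args.req.t)`. Whether that thrown error becomes a response with the same CORS headers, and with which status, is decided outside this hunk, so clients that trigger re-login on a 401 may behave differently. Either keep an explicit guard such as `if (!req.user) return Response.json({ message: t('error:tokenNotProvided') }, { headers, status: httpStatus.UNAUTHORIZED })`, or add a test that pins the status and headers returned for an unauthenticated refresh. The handler continues past the end of this hunk.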
@@ -63,7 +62,7 @@ export const refreshOperation = async (incomingArgs: Arguments): Promise
 },
 } = args
- if (typeof args.token !== 'string' || !args.req.user) throw new Forbidden(args.req.t)
+ if (!args.req.user) throw new Forbidden(args.req.t)
 const parsedURL = url.parse(args.req.url)
 const isGraphQL = parsedURL.pathname === config.routes.graphQL
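Review bot: In packages/payload/src/auth/operations/refresh.ts, the new guard `if (!args.req.user) throw new Forbidden(args.req.t)` accepts any populated `req.user`, whichever auth collection that user belongs to and however the request was authenticated. The rest of the function is outside this hunk, so it may already tie the user to `args.collection`; if it does not, a refreshed token could be issued under a collection the user is not a member of. Consider extending the guard to something like `if (!args.req.user || args.req.user.collection !== args.collection.config.slug) throw new Forbidden(args.req.t)`. A regression test would also help, asserting that a request with a `token` field in the body but no valid credentials is rejected.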