chore: removes unused token arg to refresh operation (#6977)

## Description Duplicate of #6976 for 3.x
2024-06-28 11:20:49 -04:00
parent 9cdcf20c95
commit 2daefb2a81
5 changed files with 5 additions and 39 deletions
--- a/docs/authentication/operations.mdx
+++ b/docs/authentication/operations.mdx
@@ -191,7 +191,7 @@ mutation {

 ## Refresh

-Allows for "refreshing" JWTs. If your user has a token that is about to expire, but the user is still active and using the app, you might want to use the `refresh` operation to receive a new token by sending the operation the token that is about to expire.
+Allows for "refreshing" JWTs. If your user has a token that is about to expire, but the user is still active and using the app, you might want to use the `refresh` operation to receive a new token by executing this operation via the authenticated user.

 This operation requires a non-expired token to send back a new one. If the user's token has already expired, you will need to allow them to log in again to retrieve a new token.

@@ -237,13 +237,6 @@ mutation {
 }
 ```

-<Banner type="success">
-  The Refresh operation will automatically find the user's token in either a JWT header or the
-  HTTP-only cookie. But, you can specify the token you're looking to refresh by providing the REST
-  API with a `token` within the JSON body of the request, or by providing the GraphQL resolver a
-  `token` arg.
-</Banner>
-
 ## Verify by Email

 If your collection supports email verification, the Verify operation will be exposed which accepts a verification token and sets the user's `_verified` property to `true`, thereby allowing the user to authenticate with the Payload API.
--- a/packages/graphql/src/resolvers/auth/refresh.ts
+++ b/packages/graphql/src/resolvers/auth/refresh.ts
@@ -1,24 +1,15 @@
 import type { Collection } from 'payload'

-import { extractJWT, generatePayloadCookie, isolateObjectProperty, refreshOperation } from 'payload'
+import { generatePayloadCookie, isolateObjectProperty, refreshOperation } from 'payload'

 import type { Context } from '../types.js'

 function refreshResolver(collection: Collection): any {
-  async function resolver(_, args, context: Context) {
-    let token
-
-    token = extractJWT(context.req)
-
-    if (args.token) {
-      token = args.token
-    }
-
+  async function resolver(_, __, context: Context) {
    const options = {
      collection,
      depth: 0,
      req: isolateObjectProperty(context.req, 'transactionID'),
-      token,
    }

    const result = await refreshOperation(options)
--- a/packages/graphql/src/schema/initCollections.ts
+++ b/packages/graphql/src/schema/initCollections.ts
@@ -416,9 +416,6 @@ function initCollectionsGraphQL({ config, graphqlResult }: InitCollectionsGraphQ
            },
          },
        }),
-        args: {
-          token: { type: GraphQLString },
-        },
        resolve: refresh(collection),
      }

--- a/packages/next/src/routes/rest/auth/refresh.ts
+++ b/packages/next/src/routes/rest/auth/refresh.ts
@@ -1,5 +1,5 @@
 import httpStatus from 'http-status'
-import { extractJWT, generatePayloadCookie, refreshOperation } from 'payload'
+import { generatePayloadCookie, refreshOperation } from 'payload'

 import type { CollectionRouteHandler } from '../types.js'

@@ -7,29 +7,15 @@ import { headersWithCors } from '../../../utilities/headersWithCors.js'

 export const refresh: CollectionRouteHandler = async ({ collection, req }) => {
  const { t } = req
-  const token = typeof req.data?.token === 'string' ? req.data.token : extractJWT(req)

  const headers = headersWithCors({
    headers: new Headers(),
    req,
  })

-  if (!token) {
-    return Response.json(
-      {
-        message: t('error:tokenNotProvided'),
-      },
-      {
-        headers,
-        status: httpStatus.UNAUTHORIZED,
-      },
-    )
-  }
-
  const result = await refreshOperation({
    collection,
    req,
-    token,
  })

  if (result.setCookie) {
--- a/packages/payload/src/auth/operations/refresh.ts
+++ b/packages/payload/src/auth/operations/refresh.ts
@@ -22,7 +22,6 @@ export type Result = {
 export type Arguments = {
  collection: Collection
  req: PayloadRequestWithData
-  token: string
 }

 export const refreshOperation = async (incomingArgs: Arguments): Promise<Result> => {
@@ -63,7 +62,7 @@ export const refreshOperation = async (incomingArgs: Arguments): Promise<Result>
      },
    } = args

-    if (typeof args.token !== 'string' || !args.req.user) throw new Forbidden(args.req.t)
+    if (!args.req.user) throw new Forbidden(args.req.t)

    const parsedURL = url.parse(args.req.url)
    const isGraphQL = parsedURL.pathname === config.routes.graphQL