4.0.6 issues pt3 (#2257)

* API : Fix issues with access and refresh tokens cache. xibosignage/xibo#3231 * Schedule : Fix autofocus on layout / campaign select2 dropdown. * Dashboards : Fix permissions check on Media Manager page. xibosignage/xibo#3263
xibosignage · Dec 7, 2023 · acd138b · acd138b
1 parent bc673b9
commit acd138b
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 17 deletions.
diff --git a/lib/Controller/MediaManager.php b/lib/Controller/MediaManager.php
@@ -100,7 +100,7 @@ private function getLibraryUsage(): array
         $sql .= ' GROUP BY type ';
         $sql .= ' ORDER BY 2 ';
 
-        $results = $this->store->select($sql, []);
+        $results = $this->store->select($sql, $params);
 
         $libraryUsage = [];
         $totalCount = 0;

diff --git a/lib/OAuth/AccessTokenRepository.php b/lib/OAuth/AccessTokenRepository.php
@@ -130,27 +130,38 @@ public function isAccessTokenRevoked($tokenId)
     /** @inheritDoc */
     public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity)
     {
+        $date = clone $accessTokenEntity->getExpiryDateTime();
+        // since stash cache sets expiresAt at up to provided date
+        // with up to 15% less than the provided date
+        // add more time to normal token expire, to ensure cache does not expire before the token.
+        $date = $date->add(new \DateInterval('PT30M'));
+
         // cache with token identifier
         $cache = $this->pool->getItem('C_' . $accessTokenEntity->getIdentifier());
+
         $cache->set(
             [
                 'userIdentifier' => $accessTokenEntity->getUserIdentifier(),
                 'client' => $accessTokenEntity->getClient()->getIdentifier()
             ]
         );
-        $cache->expiresAt($accessTokenEntity->getExpiryDateTime());
+        $cache->expiresAt($date);
         $this->pool->saveDeferred($cache);
 
         // double cache with client identifier and user identifier
         // this will allow us to revoke access to client or for specific client/user combination in the backend
-        $cache2 = $this->pool->getItem('C_' . $accessTokenEntity->getClient()->getIdentifier() . '/' . $accessTokenEntity->getUserIdentifier());
+        $cache2 = $this->pool->getItem(
+            'C_' . $accessTokenEntity->getClient()->getIdentifier() . '/' . $accessTokenEntity->getUserIdentifier()
+        );
+
         $cache2->set(
             [
                 'userIdentifier' => $accessTokenEntity->getUserIdentifier(),
                 'client' => $accessTokenEntity->getClient()->getIdentifier()
             ]
         );
-        $cache2->expiresAt($accessTokenEntity->getExpiryDateTime());
+
+        $cache2->expiresAt($date);
         $this->pool->saveDeferred($cache2);
     }
 

diff --git a/lib/OAuth/RefreshTokenRepository.php b/lib/OAuth/RefreshTokenRepository.php
@@ -1,8 +1,8 @@
 <?php
-/**
- * Copyright (C) 2022 Xibo Signage Ltd
+/*
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -52,14 +52,20 @@ public function __construct(\Xibo\Service\LogServiceInterface $logger, PoolInter
      */
     public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity)
     {
+        $date = clone $refreshTokenEntity->getExpiryDateTime();
+        // since stash cache sets expiresAt at up to provided date
+        // with up to 15% less than the provided date
+        // add more time to normal refresh token expire, to ensure cache does not expire before the token.
+        $date = $date->add(new \DateInterval('P15D'));
+
         // cache with refresh token identifier
         $cache = $this->pool->getItem('R_' . $refreshTokenEntity->getIdentifier());
         $cache->set(
             [
                 'accessToken' => $refreshTokenEntity->getAccessToken()->getIdentifier(),
             ]
         );
-        $cache->expiresAt($refreshTokenEntity->getExpiryDateTime());
+        $cache->expiresAt($date);
         $this->pool->saveDeferred($cache);
     }
 
@@ -88,13 +94,18 @@ public function isRefreshTokenRevoked($tokenId)
         $tokenCache = $this->pool->getItem('C_' . $refreshTokenData['accessToken']);
         $tokenCacheData = $tokenCache->get();
 
-        // check access token cache by client and user identifiers
-        // (see if application got changed secret/revoked access)
-        $cache2 = $this->pool->getItem('C_' . $tokenCacheData['client'] . '/' . $tokenCacheData['userIdentifier']);
-        $data2 = $cache2->get();
+        // if the token itself not expired yet
+        // check if it was unauthorised by the specific user
+        // we cannot always check this as it would revoke refresh token if the access token already expired.
+        if (!$tokenCache->isMiss() && !empty($tokenCacheData)) {
+            // check access token cache by client and user identifiers
+            // (see if application got changed secret/revoked access)
+            $cache2 = $this->pool->getItem('C_' . $tokenCacheData['client'] . '/' . $tokenCacheData['userIdentifier']);
+            $data2 = $cache2->get();
 
-        if ($cache2->isMiss() || empty($data2)) {
-            return true;
+            if ($cache2->isMiss() || empty($data2)) {
+                return true;
+            }
         }
 
         return false; // The refresh token has not been revoked

diff --git a/ui/src/core/xibo-calendar.js b/ui/src/core/xibo-calendar.js
@@ -1480,7 +1480,7 @@ var setupSelectForSchedule = function (dialog) {
     // Select lists
     var $campaignSelect = $('#campaignId', dialog);
     $campaignSelect.select2({
-        dropdownParent: $(dialog),
+        dropdownParent: $(dialog).find('form'),
         ajax: {
             url: $campaignSelect.data('searchUrl'),
             dataType: 'json',
@@ -1543,13 +1543,19 @@ var setupSelectForSchedule = function (dialog) {
         }
     });
 
+    $campaignSelect.on('select2:open', function(event) {
+        setTimeout(function() {
+            $(event.target).data('select2').dropdown.$search.get(0).focus();
+        }, 10);
+    })
+
     var $displaySelect = $('select[name="displayGroupIds[]"]', dialog);
     $displaySelect.select2({
+        dropdownParent: $(dialog).find('form'),
         ajax: {
             url: $displaySelect.data('searchUrl'),
             dataType: 'json',
             delay: 250,
-            dropdownParent: $(dialog),
             data: function(params) {
                 var query = {
                     isDisplaySpecific: -1,

diff --git a/views/schedule-page.twig b/views/schedule-page.twig
@@ -1261,7 +1261,12 @@
           .on('change', function (e) {
             // Refresh the calendar view
             setTimeout(calendar.view(), 1000);
-          });
+          })
+          .on('select2:open', function(event) {
+            setTimeout(function() {
+              $(event.target).data('select2').dropdown.$search.get(0).focus();
+            }, 10);
+          })
 
         // Set up our show all selector control
         $('#showAll, #eventTypeId, #recurring, #geoAware,' +