token based login: fix re-logins

2025-07-23 12:51:40 +02:00 · 2022-07-26 13:50:54 +02:00
parent dc0bf80742
commit d4b1b32ca0
2 changed files with 25 additions and 13 deletions
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -2,6 +2,7 @@ package auth

 import (
 	"crypto/ed25519"
+	"database/sql"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -106,15 +107,23 @@ func (ja *JWTAuthenticator) Login(user *User, rw http.ResponseWriter, r *http.Re
 			}
 		}
 	}
+	if rawrole, ok := claims["roles"].(string); ok {
+		roles = append(roles, rawrole)
+	}

 	if user == nil {
-		user = &User{
-			Username:   sub,
-			Roles:      roles,
-			AuthSource: AuthViaToken,
-		}
-		if err := ja.auth.AddUser(user); err != nil {
+		user, err = ja.auth.GetUser(sub)
+		if err != nil && err != sql.ErrNoRows {
 			return nil, err
+		} else if user == nil {
+			user = &User{
+				Username:   sub,
+				Roles:      roles,
+				AuthSource: AuthViaToken,
+			}
+			if err := ja.auth.AddUser(user); err != nil {
+				return nil, err
+			}
 		}
 	}