From d17c115ec28d973b6a52d1af1fdbea05871d3f0e Mon Sep 17 00:00:00 2001
From: Alankarsharma
Date: Tue, 30 Apr 2024 21:30:38 +0530
Subject: [PATCH 1/4] Bug fix
Signed-off-by: Alankarsharma
---
 server/auth/types/openid/openid_auth.ts | 4 ++--
 server/auth/types/openid/routes.ts | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/server/auth/types/openid/openid_auth.ts b/server/auth/types/openid/openid_auth.ts
index b67e174c8..f350f1144 100644
--- a/server/auth/types/openid/openid_auth.ts
+++ b/server/auth/types/openid/openid_auth.ts
@@ -272,7 +272,7 @@ export class OpenIdAuthentication extends AuthenticationType {
 return false;
 }
- if (cookie.expiryTime > Date.now()) {
+ if (cookie.credentials.expiryTime > Date.now()) {
 return true;
 }
@@ -296,8 +296,8 @@ export class OpenIdAuthentication extends AuthenticationType {
 cookie.credentials = {
 authHeaderValueExtra: true,
 refresh_token: refreshTokenResponse.refreshToken,
+ expiryTime: getExpirationDate(refreshTokenResponse),
 };
- cookie.expiryTime = getExpirationDate(refreshTokenResponse);
 setExtraAuthStorage(
 request,
diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts
index c23e26b1f..84e3bee42 100644
--- a/server/auth/types/openid/routes.ts
+++ b/server/auth/types/openid/routes.ts
@@ -195,9 +195,10 @@ export class OpenIdAuthRoutes {
 username: user.username,
 credentials: {
 authHeaderValueExtra: true,
+ expiryTime: getExpirationDate(tokenResponse),
 },
 authType: AuthType.OPEN_ID,
- expiryTime: getExpirationDate(tokenResponse),
+ expiryTime: Date.now() + this.config.session.ttl,
 };
 if (this.config.openid?.refresh_tokens && tokenResponse.refreshToken) {
 Object.assign(sessionStorage.credentials, {
From 7774f82691cd32d239d901b13ab2f2287da56846 Mon Sep 17 00:00:00 2001
From: Alankarsharma
Date: Tue, 30 Apr 2024 21:32:33 +0530
Subject: [PATCH 2/4] Update cookie expiry as well
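Review bot: In the `@@ -272,7 +272,7 @@` hunk of server/auth/types/openid/openid_auth.ts, the new check reads `cookie.credentials.expiryTime` with no guard on either level, so a session cookie issued before this change, which carries its expiry only at the top-level `cookie.expiryTime`, compares `undefined > Date.now()` and falls through to the refresh path or to rejection. That fails closed, which is the safe direction, but it means pre-upgrade OpenID sessions are refreshed or dropped on their first request, and if `credentials` can ever be absent the method throws instead of returning false; the guard just above the hunk is not visible, so this may already be covered. I would write `if ((cookie.credentials?.expiryTime ?? 0) > Date.now()) {` and add a comment along the lines of `// credentials.expiryTime is the IdP token expiry; cookie.expiryTime is the session lifetime`. The enclosing method starts and ends outside the hunk.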
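Review bot: In the server/auth/types/openid/routes.ts hunk (`@@ -195,9 +195,10 @@`), the session object now holds two fields both named `expiryTime` with different meanings, and nothing in the literal says which is which; that ambiguity is what the check in openid_auth.ts got wrong before this patch. I would annotate both: `// ID token expiry reported by the IdP; this is what the cookie validity check compares against` on `credentials.expiryTime`, and `// session cookie expiry from session.ttl, independent of the token lifetime` on the top-level field. Stating that the session cookie may now outlive the ID token tells later readers that token validity has to be enforced through `credentials.expiryTime` and never inferred from the cookie lifetime. The surrounding function begins and ends outside the hunk.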
Signed-off-by: Alankarsharma
---
 server/auth/types/openid/openid_auth.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/server/auth/types/openid/openid_auth.ts b/server/auth/types/openid/openid_auth.ts
index f350f1144..04c205414 100644
--- a/server/auth/types/openid/openid_auth.ts
+++ b/server/auth/types/openid/openid_auth.ts
@@ -298,6 +298,7 @@ export class OpenIdAuthentication extends AuthenticationType {
 refresh_token: refreshTokenResponse.refreshToken,
 expiryTime: getExpirationDate(refreshTokenResponse),
 };
+ cookie.expiryTime = Date.now() + this.config.session.ttl;
 setExtraAuthStorage(
 request,
From 9fe50db209d52d1c8c505779d782084e66a46923 Mon Sep 17 00:00:00 2001
From: Alankarsharma
Date: Tue, 7 May 2024 18:38:54 +0530
Subject: [PATCH 3/4] Lint issue fix
Signed-off-by: Alankarsharma
---
 server/auth/types/openid/routes.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts
index 84e3bee42..b0483057f 100644
--- a/server/auth/types/openid/routes.ts
+++ b/server/auth/types/openid/routes.ts
@@ -195,7 +195,7 @@ export class OpenIdAuthRoutes {
 username: user.username,
 credentials: {
 authHeaderValueExtra: true,
- expiryTime: getExpirationDate(tokenResponse),
+ expiryTime: getExpirationDate(tokenResponse),
 },
 authType: AuthType.OPEN_ID,
 expiryTime: Date.now() + this.config.session.ttl,
From 1440b4f1b6aaa597f80b821175e88e0941173ab4 Mon Sep 17 00:00:00 2001
From: Alankarsharma
Date: Wed, 8 May 2024 08:59:48 +0530
Subject: [PATCH 4/4] fixed test case
Signed-off-by: Alankarsharma
---
 server/auth/types/openid/openid_auth.test.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/auth/types/openid/openid_auth.test.ts b/server/auth/types/openid/openid_auth.test.ts
index c8cc839e7..82fefa7c9 100644
--- a/server/auth/types/openid/openid_auth.test.ts
+++ b/server/auth/types/openid/openid_auth.test.ts
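Review bot: The added `cookie.expiryTime = Date.now() + this.config.session.ttl;` in the [PATCH 2/4] hunk of openid_auth.ts pushes the session expiry forward by a full TTL on every successful token refresh, so within the code shown the only ceiling on total session length is how long the IdP keeps honouring the refresh token. If that sliding renewal is intended, say so next to the assignment, for example `// sliding renewal: total session length is bounded by the IdP's refresh-token lifetime, not by session.ttl`; if an absolute cap is expected, none is visible here and this is the place it would have to be applied. The same `Date.now() + this.config.session.ttl` expression is used at login in routes.ts, so a small shared helper would keep the two computations in step. The enclosing method extends beyond the hunk.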
@@ -236,7 +236,8 @@ describe('test OpenId authHeaderValue', () => {
 authType: 'openid',
 };
- expect(await openIdAuthentication.isValidCookie(testCookie, {})).toBe(true);
+ // As ID token is expired and no refresh token value is passed, it will return false
+ expect(await openIdAuthentication.isValidCookie(testCookie, {})).toBe(false);
 global.Date.now = realDateNow;
 });
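Review bot: After this hunk the only `isValidCookie` assertion visible pins the rejection path, so nothing shown here would catch a regression in which a cookie with an unexpired `credentials.expiryTime` is wrongly rejected, which is the behaviour the fix exists for. I would add a companion case whose `testCookie.credentials.expiryTime` is later than the mocked clock and expects `toBe(true)`, plus one for the refresh path if the file does not already have it (the rest of the file is outside the hunk). Separately, `global.Date.now = realDateNow;` runs only when the `expect` passes; restoring it in an `afterEach` or a `try`/`finally` keeps a failing assertion from leaking the mocked clock into later tests. The test body starts above the hunk.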