From ca9c571179c752047c1ba39d063e2193eefc57a8 Mon Sep 17 00:00:00 2001
From: Parth Panchal <83201188+parthp2107@users.noreply.github.com>
Date: Mon, 31 Oct 2022 19:17:26 +0530
Subject: [PATCH] Fixed#8354: Support Login For User from multiple devices with different refresh tokens (#8454)
* Fixed#8354: Support Login For User from multiple devices with different refresh tokens
* Fixed#8354: Support Login For User from multiple devices with different refresh tokens
---
.../service/security/auth/BasicAuthenticator.java | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
index 0c662214689..287313dd7d4 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
@@ -9,7 +9,6 @@ import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.SEL
import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.USER;
import static org.openmetadata.schema.auth.TokenType.EMAIL_VERIFICATION;
import static org.openmetadata.schema.auth.TokenType.PASSWORD_RESET;
-import static org.openmetadata.schema.auth.TokenType.REFRESH_TOKEN;
import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.BASIC;
import static org.openmetadata.service.exception.CatalogExceptionMessage.EMAIL_SENDING_ISSUE;
import static org.openmetadata.service.exception.CatalogExceptionMessage.INVALID_USERNAME_PASSWORD;
@@ -313,7 +312,6 @@ public class BasicAuthenticator implements AuthenticatorHandler {
@Override
public RefreshToken createRefreshTokenForLogin(UUID currentUserId) throws JsonProcessingException {
// just delete the existing token
-tokenRepository.deleteTokenByUserAndType(currentUserId.toString(), REFRESH_TOKEN.toString());
RefreshToken newRefreshToken = TokenUtil.getRefreshToken(currentUserId, UUID.randomUUID());
// save Refresh Token in Database
tokenRepository.insertToken(newRefreshToken);
@@ -323,7 +321,7 @@ public class BasicAuthenticator implements AuthenticatorHandler {
@Override
public JwtResponse getNewAccessToken(String userName, TokenRefreshRequest request) throws IOException {
-User storedUser = userRepository.getByName(null, userName, userRepository.getFields("*"));
+User storedUser = userRepository.getByName(null, userName, userRepository.getFieldsWithUserAuth("*"));
if (storedUser.getIsBot() != null && storedUser.getIsBot()) {
throw new IllegalArgumentException("User are only allowed to login");
}
@@ -364,7 +362,7 @@ public class BasicAuthenticator implements AuthenticatorHandler {
}
// TODO: currently allow single login from a place, later multiple login can be added
// just delete the existing token
-tokenRepository.deleteTokenByUserAndType(currentUserId.toString(), REFRESH_TOKEN.toString());
+tokenRepository.deleteToken(requestRefreshToken);
// we use rotating refresh token , generate new token
RefreshToken newRefreshToken = TokenUtil.getRefreshToken(currentUserId, UUID.randomUUID());
// save Refresh Token in Database
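Review bot: With the delete-by-user call removed from `createRefreshTokenForLogin`, every login inserts a fresh refresh token and nothing in this hunk bounds how many remain valid per user or prunes expired ones, so a user's outstanding refresh tokens only shrink as each expires on its own. A cap per user, or a prune of expired `REFRESH_TOKEN` rows on login, would keep that set small; the now-unused `deleteTokenByUserAndType` is still the right call for the paths that must revoke every device at once (password change, deactivation), which I cannot see here, so please confirm they still use it. The surviving comment `// just delete the existing token` no longer describes the code; replace it with `// multi-device login: each login gets its own refresh token, earlier ones stay valid`. The method's closing brace lies outside the hunk.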
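Review bot: `tokenRepository.deleteToken(requestRefreshToken)` rotates only the presented token, but the two comments above it, `// TODO: currently allow single login from a place ...` and `// just delete the existing token`, are made false by this very commit and should be replaced with `// rotating refresh token: revoke only the token just used, other devices keep theirs`. With per-token rotation, a refresh token presented a second time (already deleted here) is the classic replay signal; whether the lookup above the hunk rejects it and, ideally, revokes the user's remaining refresh tokens is not visible from this hunk and is worth confirming, since a stolen token that merely fails quietly leaves the theft unnoticed. The delete and the insert that follows are not visibly wrapped in one transaction, so two concurrent refreshes with the same token could both pass the earlier lookup and both mint a new token unless `deleteToken` reports whether a row was actually removed and the code bails out when it was not. `getNewAccessToken` begins before and ends after this hunk, and `requestRefreshToken` is defined outside it.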