Fixed#8354: Support Login For User from multiple devices with different refresh tokens (#8454)

* Fixed#8354: Support Login For User from multiple devices with different refresh tokens

* Fixed#8354: Support Login For User from multiple devices with different refresh tokens

openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java

@@ -9,7 +9,6 @@ import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.SEL
 import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.USER;
 import static org.openmetadata.schema.auth.TokenType.EMAIL_VERIFICATION;
 import static org.openmetadata.schema.auth.TokenType.PASSWORD_RESET;
-import static org.openmetadata.schema.auth.TokenType.REFRESH_TOKEN;
 import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.BASIC;
 import static org.openmetadata.service.exception.CatalogExceptionMessage.EMAIL_SENDING_ISSUE;
 import static org.openmetadata.service.exception.CatalogExceptionMessage.INVALID_USERNAME_PASSWORD;
@@ -313,7 +312,6 @@ public class BasicAuthenticator implements AuthenticatorHandler {
   @Override
   public RefreshToken createRefreshTokenForLogin(UUID currentUserId) throws JsonProcessingException {
     // just delete the existing token
-    tokenRepository.deleteTokenByUserAndType(currentUserId.toString(), REFRESH_TOKEN.toString());
     RefreshToken newRefreshToken = TokenUtil.getRefreshToken(currentUserId, UUID.randomUUID());
     // save Refresh Token in Database
     tokenRepository.insertToken(newRefreshToken);
@@ -323,7 +321,7 @@ public class BasicAuthenticator implements AuthenticatorHandler {
 
   @Override
   public JwtResponse getNewAccessToken(String userName, TokenRefreshRequest request) throws IOException {
-    User storedUser = userRepository.getByName(null, userName, userRepository.getFields("*"));
+    User storedUser = userRepository.getByName(null, userName, userRepository.getFieldsWithUserAuth("*"));
     if (storedUser.getIsBot() != null && storedUser.getIsBot()) {
       throw new IllegalArgumentException("User are only allowed to login");
     }
@@ -364,7 +362,7 @@ public class BasicAuthenticator implements AuthenticatorHandler {
     }
     // TODO: currently allow single login from a place, later multiple login can be added
     // just delete the existing token
-    tokenRepository.deleteTokenByUserAndType(currentUserId.toString(), REFRESH_TOKEN.toString());
+    tokenRepository.deleteToken(requestRefreshToken);
     // we use rotating refresh token , generate new token
     RefreshToken newRefreshToken = TokenUtil.getRefreshToken(currentUserId, UUID.randomUUID());
     // save Refresh Token in Database