authorJeroen Wijenbergh <jeroenwijenbergh@protonmail.com>2022-04-19 12:28:54 +0200
committerjwijenbergh <jeroenwijenbergh@protonmail.com>2022-04-19 12:28:54 +0200
commitfb2f57cfcbb6408130e1cc75bd36c896502b78e0 (patch)
treea8ce43925443d9152e7408edce7adb3307204361 /src
parent1b798f8da29ad90506c6d716858ecb2dd782507f (diff)
OAuth improvements: Also ensure tokens based on config state
Diffstat (limited to 'src')
-rw-r--r--src/fsm.go2
-rw-r--r--src/oauth.go30
-rw-r--r--src/server.go12
-rw-r--r--src/state.go6
4 files changed, 36 insertions, 14 deletions
diff --git a/src/fsm.go b/src/fsm.go
index fa2a5c4..0ed7a37 100644
--- a/src/fsm.go
+++ b/src/fsm.go
@@ -141,7 +141,7 @@ func (eduvpn *VPNState) InitializeFSM() {
NO_SERVER: {{CHOSEN_SERVER, "User chooses a server"}},
CHOSEN_SERVER: {{AUTHENTICATED, "Found tokens in config"}, {OAUTH_STARTED, "No tokens found in config"}},
OAUTH_STARTED: {{AUTHENTICATED, "User authorizes with browser"}},
- AUTHENTICATED: {{CONNECTED, "OS reports connected"}},
+ AUTHENTICATED: {{CONNECTED, "OS reports connected"}, {OAUTH_STARTED, "Re-authenticate with OAuth"}},
CONNECTED: {{AUTHENTICATED, "OS reports disconnected"}},
},
Current: DEREGISTERED,
diff --git a/src/oauth.go b/src/oauth.go
index 836165a..eb4e13f 100644
--- a/src/oauth.go
+++ b/src/oauth.go
@@ -303,15 +303,29 @@ func (oauth *OAuth) Login() error {
return state.LoginOAuth()
}
+func (oauth *OAuth) NeedsRelogin() bool {
+ // The tokens are not expired yet
+ // No relogin is needed
+ if !oauth.isTokensExpired() {
+ GetVPNState().Log(LOG_INFO, "OAuth: Tokens are not expired, re-login not needed")
+ return false
+ }
+
+ refreshErr := oauth.getTokensWithRefresh()
+ // We have obtained new tokens with refresh
+ if refreshErr == nil {
+ GetVPNState().Log(LOG_INFO, "OAuth: Tokens could be re-acquired using the refresh token, re-login not needed")
+ return false
+ }
+
+ // Otherwise relogin is really needed
+ return true
+}
+
func (oauth *OAuth) EnsureTokens() error {
- if oauth.isTokensExpired() {
- GetVPNState().Log(LOG_INFO, "OAuth: Tokens are expired, retrying with refresh tokens")
- err := oauth.getTokensWithRefresh()
- if err != nil {
- GetVPNState().Log(LOG_INFO, fmt.Sprintf("OAuth: Refresh tokens with error %v, retrying with a new login phase", err))
- // log that we're getting tokens using login
- return oauth.Login()
- }
+ if oauth.NeedsRelogin() {
+ GetVPNState().Log(LOG_INFO, "OAuth: Tokens are invalid, relogging in")
+ return oauth.Login()
}
return nil
}
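Review bot: `NeedsRelogin` discards `refreshErr` without logging it, whereas the code removed from `EnsureTokens` in this hunk did log the refresh failure. Every failure, a transient network error included, now leads to a full browser login with no record of the cause. I would log it before `return true`, e.g. `GetVPNState().Log(LOG_INFO, fmt.Sprintf("OAuth: Refresh failed with error %v, re-login needed", refreshErr))`, after confirming the error text cannot carry token material. The method also reads like a pure predicate but appears to replace the stored tokens through `getTokensWithRefresh`, so a doc comment such as `// NeedsRelogin reports whether an interactive login is required; it may refresh the tokens as a side effect.` would help callers, including `Server.NeedsRelogin` in src/server.go.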
diff --git a/src/server.go b/src/server.go
index b398183..69df14f 100644
--- a/src/server.go
+++ b/src/server.go
@@ -54,10 +54,14 @@ func (server *Server) Initialize(url string) error {
return nil
}
-// FIXME: Check validity of tokens
-func (server *Server) IsAuthenticated() bool {
- return server.OAuth != nil
- // return GetVPNState().HasTransition(SERVER_NOT_AUTHENTICATED)
+func (server *Server) NeedsRelogin() bool {
+ // Server has no oauth tokens
+ if server.OAuth == nil {
+ return true
+ }
+
+ // Server has oauth tokens, check if they need a relogin
+ return server.OAuth.NeedsRelogin()
}
func (server *Server) GetEndpoints() error {
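Review bot: The removed `// FIXME: Check validity of tokens` is only partly addressed by `NeedsRelogin`. As far as the visible code shows, validity here presumably means "not expired, or refreshable", so a token revoked on the server side would still count as valid. Callers therefore still need to handle an authorization failure from the API, and the method should say so: `// NeedsRelogin reports whether OAuth tokens are missing, or expired and not refreshable; it does not detect server-side revocation.` Dropping the exported `IsAuthenticated` also breaks any caller outside this diff, which cannot be checked from here.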
diff --git a/src/state.go b/src/state.go
index c6f0f79..23bc1cd 100644
--- a/src/state.go
+++ b/src/state.go
@@ -76,12 +76,16 @@ func (state *VPNState) Connect(url string) (string, error) {
return "", initializeErr
}
- if !state.Server.IsAuthenticated() {
+ // Relogin with oauth
+ // This moves the state to authenticated
+ if state.Server.NeedsRelogin() {
loginErr := state.LoginOAuth()
if loginErr != nil {
return "", loginErr
}
+ } else { // OAuth was valid, ensure we are in the authenticated state
+ state.GoTransition(AUTHENTICATED, "")
}
config, configErr := state.Server.GetConfig()
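Review bot: The new `else` branch calls `state.GoTransition(AUTHENTICATED, "")` unconditionally and does not check any result. The table in src/fsm.go has no edge from `AUTHENTICATED` to itself, so a second `Connect` with still-valid tokens may request an undefined transition. How `GoTransition` reacts to that is not visible in this diff. I would guard the call on the current state, or check its result if it returns one, and pass a non-empty message so the log records why the state moved. `Connect` begins before and continues after this hunk.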