Handle exceptions when tokens are revoked

Author: wgriffioen

src/Connection.php

@@ -3,6 +3,7 @@
 namespace Sendy\Api;
 
 use Psr\Http\Message\UriInterface;
+use Sendy\Api\Exceptions\ClientException;
 use Sendy\Api\Exceptions\SendyException;
 use Sendy\Api\Http\Request;
 use Sendy\Api\Http\Response;
@@ -244,10 +245,21 @@ private function acquireAccessToken(): void
             ];
         }
 
-        $body = $this->performRequest(
-            $this->createRequest('POST', self::BASE_URL . self::TOKEN_URL, json_encode($parameters)),
-            false,
-        );
+        try {
+            $body = $this->performRequest(
+                $this->createRequest('POST', self::BASE_URL . self::TOKEN_URL, json_encode($parameters)),
+                false,
+            );
+        } catch (ClientException $exception) {
+            // When the refresh token was refreshed in another process, it could occur that the connection still holds
+            // a valid refresh token with a revoked refresh token. When this occurs it is safe to use the valid access
+            // token.
+            if ($this->refreshTokenIsRevoked($exception->getResponse()) && $this->tokenExpires > time()) {
+                return;
+            }
+
+            throw $exception;
+        }
 
         $this->accessToken = $body['access_token'];
         $this->refreshToken = $body['refresh_token'];
@@ -439,4 +451,22 @@ public function __get(string $resource): Resource
 
         return new $className($this);
     }
+
+    /**
+     * @throws Exceptions\JsonException
+     */
+    private function refreshTokenIsRevoked(Response $response): bool
+    {
+        if ($response->getStatusCode() !== 400) {
+            return false;
+        }
+
+        $body = $response->getDecodedBody();
+
+        if (! isset($body['error'], $body['hint'])) {
+            return false;
+        }
+
+        return $body['error'] === 'invalid_grant' && $body['hint'] === 'Token has been revoked';
+    }
 }

tests/ConnectionTest.php

@@ -5,6 +5,8 @@
 use PHPUnit\Framework\TestCase;
 use Sendy\Api\ApiException;
 use Sendy\Api\Connection;
+use Sendy\Api\Exceptions\ClientException;
+use Sendy\Api\Exceptions\SendyException;
 use Sendy\Api\Http\Request;
 use Sendy\Api\Http\Response;
 use Sendy\Api\Http\Transport\MockTransport;
@@ -212,6 +214,60 @@ public function testTokensAreAcquiredWithRefreshToken(): void
         );
     }
 
+    public function testRevokedRefreshTokenIsHandled(): void
+    {
+        $connection = new Connection();
+
+        $transport = new MockTransport(
+            new Response(400, [], json_encode([
+                'error' => 'invalid_grant',
+                'hint' => 'Token has been revoked',
+            ])),
+        );
+
+        $connection->setTransport($transport);
+
+        $connection->setOauthClient(true);
+        $connection->setClientId('clientId');
+        $connection->setAccessToken('accessToken');
+        $connection->setClientSecret('clientSecret');
+        $connection->setRefreshToken('RefreshToken');
+        $connection->setTokenExpires(time() + 5);
+
+        try {
+            $connection->checkOrAcquireAccessToken();
+        } catch (SendyException $exception) {
+            $this->fail($exception->getMessage());
+        }
+
+        $this->assertTrue(true);
+    }
+
+    public function testUnexpectedExceptionWhenRefreshingTokensAreHandled(): void
+    {
+        $connection = new Connection();
+
+        $transport = new MockTransport(
+            new Response(400, [], json_encode([
+                'error' => 'unknown_error',
+                'hint' => 'Unknown error',
+            ])),
+        );
+
+        $connection->setTransport($transport);
+
+        $connection->setOauthClient(true);
+        $connection->setClientId('clientId');
+        $connection->setAccessToken('accessToken');
+        $connection->setClientSecret('clientSecret');
+        $connection->setRefreshToken('RefreshToken');
+        $connection->setTokenExpires(time() + 5);
+
+        $this->expectException(ClientException::class);
+
+        $connection->checkOrAcquireAccessToken();
+    }
+
     public function testTokenUpdateCallbackIsCalled(): void
     {
         $connection = new Connection();