cameleer/cameleer-server
1
0
Fork 0
Code Issues 45 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: return rotated refresh token from agent token refresh endpoint
All checks were successful
CI / build (push) Successful in 1m22s
Details
CI / cleanup-branch (push) Has been skipped
Details
CI / docker (push) Successful in 56s
Details
CI / deploy (push) Successful in 47s
Details
CI / deploy-feature (push) Has been skipped
Details

Browse Source 
Previously the refresh endpoint only returned a new accessToken, causing
agents to lose their refreshToken after the first refresh cycle and
forcing a full re-registration every ~2 hours.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-03-18 16:44:16 +01:00
parent 4085f42160
commit 17ef48e392
5 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
View File

@@ -159,8 +159,9 @@ public class AgentRegistrationController {
List<String> roles = result.roles().isEmpty() List<String> roles = result.roles().isEmpty()
? List.of("AGENT") : result.roles(); ? List.of("AGENT") : result.roles();
String newAccessToken = jwtService.createAccessToken(agentId, agent.group(), roles); String newAccessToken = jwtService.createAccessToken(agentId, agent.group(), roles);
String newRefreshToken = jwtService.createRefreshToken(agentId, agent.group(), roles);
return ResponseEntity.ok(new AgentRefreshResponse(newAccessToken)); return ResponseEntity.ok(new AgentRefreshResponse(newAccessToken, newRefreshToken));
} }
@PostMapping("/{id}/heartbeat") @PostMapping("/{id}/heartbeat")

4
cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/AgentRefreshResponse.java
View File

@@ -3,5 +3,5 @@ package com.cameleer3.server.app.dto;
import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
@Schema(description = "Refreshed access token") @Schema(description = "Refreshed access and refresh tokens")
public record AgentRefreshResponse(@NotNull String accessToken) {} public record AgentRefreshResponse(@NotNull String accessToken, @NotNull String refreshToken) {}

2
cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtRefreshIT.java
View File

@@ -79,6 +79,8 @@ class JwtRefreshIT extends AbstractPostgresIT {
JsonNode body = objectMapper.readTree(response.getBody()); JsonNode body = objectMapper.readTree(response.getBody());
assertThat(body.get("accessToken").asText()).isNotEmpty(); assertThat(body.get("accessToken").asText()).isNotEmpty();
assertThat(body.get("refreshToken").asText()).isNotEmpty();
assertThat(body.get("refreshToken").asText()).isNotEqualTo(refreshToken);
} }
@Test @Test

8
ui/src/api/openapi.json
View File

@@ -2913,14 +2913,18 @@
}, },
"AgentRefreshResponse": { "AgentRefreshResponse": {
"type": "object", "type": "object",
"description": "Refreshed access token", "description": "Refreshed access and refresh tokens",
"properties": { "properties": {
"accessToken": { "accessToken": {
"type": "string" "type": "string"
},
"refreshToken": {
"type": "string"
} }
}, },
"required": [ "required": [
"accessToken" "accessToken",
"refreshToken"
] ]
}, },
"CommandRequest": { "CommandRequest": {

3
ui/src/api/schema.d.ts vendored
View File

@@ -1069,9 +1069,10 @@ export interface components {
AgentRefreshRequest: { AgentRefreshRequest: {
refreshToken: string; refreshToken: string;
}; };
/** @description Refreshed access token */ /** @description Refreshed access and refresh tokens */
AgentRefreshResponse: { AgentRefreshResponse: {
accessToken: string; accessToken: string;
refreshToken: string;
}; };
/** @description Command to send to agent(s) */ /** @description Command to send to agent(s) */
CommandRequest: { CommandRequest: {