Fix invalid token after credentials change (#4717)

- If sync fails we set authFailedAt - This information is displayed in the frontend in accounts with a `Sync Failed` pill - The user can reconnect his account in the dropdown menu - A new OAuth flow is triggered - The account is synced
2024-04-02 11:32:27 +02:00
parent a3a15957f4
commit ffb1733f39
18 changed files with 318 additions and 123 deletions
--- a/packages/twenty-server/src/modules/connected-account/repositories/connected-account.repository.ts
+++ b/packages/twenty-server/src/modules/connected-account/repositories/connected-account.repository.ts
@ -150,4 +150,20 @@ export class ConnectedAccountRepository {
      transactionManager,
    );
  }
+
+  public async updateAuthFailedAt(
+    connectedAccountId: string,
+    workspaceId: string,
+    transactionManager?: EntityManager,
+  ) {
+    const dataSourceSchema =
+      this.workspaceDataSourceService.getSchemaName(workspaceId);
+
+    await this.workspaceDataSourceService.executeRawQuery(
+      `UPDATE ${dataSourceSchema}."connectedAccount" SET "authFailedAt" = NOW() WHERE "id" = $1`,
+      [connectedAccountId],
+      workspaceId,
+      transactionManager,
+    );
+  }
 }
--- a/packages/twenty-server/src/modules/connected-account/services/google-api-refresh-access-token/google-api-refresh-access-token.service.ts
+++ b/packages/twenty-server/src/modules/connected-account/services/google-api-refresh-access-token/google-api-refresh-access-token.service.ts
@ -38,7 +38,11 @@ export class GoogleAPIRefreshAccessTokenService {
      );
    }

-    const accessToken = await this.refreshAccessToken(refreshToken);
+    const accessToken = await this.refreshAccessToken(
+      refreshToken,
+      connectedAccountId,
+      workspaceId,
+    );

    await this.connectedAccountRepository.updateAccessToken(
      accessToken,
@ -47,22 +51,36 @@ export class GoogleAPIRefreshAccessTokenService {
    );
  }

-  async refreshAccessToken(refreshToken: string): Promise<string> {
-    const response = await axios.post(
-      'https://oauth2.googleapis.com/token',
-      {
-        client_id: this.environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
-        client_secret: this.environmentService.get('AUTH_GOOGLE_CLIENT_SECRET'),
-        refresh_token: refreshToken,
-        grant_type: 'refresh_token',
-      },
-      {
-        headers: {
-          'Content-Type': 'application/json',
+  async refreshAccessToken(
+    refreshToken: string,
+    connectedAccountId: string,
+    workspaceId: string,
+  ): Promise<string> {
+    try {
+      const response = await axios.post(
+        'https://oauth2.googleapis.com/token',
+        {
+          client_id: this.environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
+          client_secret: this.environmentService.get(
+            'AUTH_GOOGLE_CLIENT_SECRET',
+          ),
+          refresh_token: refreshToken,
+          grant_type: 'refresh_token',
        },
-      },
-    );
+        {
+          headers: {
+            'Content-Type': 'application/json',
+          },
+        },
+      );

-    return response.data.access_token;
+      return response.data.access_token;
+    } catch (error) {
+      await this.connectedAccountRepository.updateAuthFailedAt(
+        connectedAccountId,
+        workspaceId,
+      );
+      throw new Error(`Error refreshing access token: ${error.message}`);
+    }
  }
 }
--- a/packages/twenty-server/src/modules/connected-account/standard-objects/connected-account.object-metadata.ts
+++ b/packages/twenty-server/src/modules/connected-account/standard-objects/connected-account.object-metadata.ts
@ -8,6 +8,7 @@ import { connectedAccountStandardFieldIds } from 'src/engine/workspace-manager/w
 import { standardObjectIds } from 'src/engine/workspace-manager/workspace-sync-metadata/constants/standard-object-ids';
 import { FieldMetadata } from 'src/engine/workspace-manager/workspace-sync-metadata/decorators/field-metadata.decorator';
 import { Gate } from 'src/engine/workspace-manager/workspace-sync-metadata/decorators/gate.decorator';
+import { IsNullable } from 'src/engine/workspace-manager/workspace-sync-metadata/decorators/is-nullable.decorator';
 import { IsSystem } from 'src/engine/workspace-manager/workspace-sync-metadata/decorators/is-system.decorator';
 import { ObjectMetadata } from 'src/engine/workspace-manager/workspace-sync-metadata/decorators/object-metadata.decorator';
 import { RelationMetadata } from 'src/engine/workspace-manager/workspace-sync-metadata/decorators/relation-metadata.decorator';
@ -81,6 +82,16 @@ export class ConnectedAccountObjectMetadata extends BaseObjectMetadata {
  })
  lastSyncHistoryId: string;

+  @FieldMetadata({
+    standardId: connectedAccountStandardFieldIds.authFailedAt,
+    type: FieldMetadataType.DATE_TIME,
+    label: 'Auth failed at',
+    description: 'Auth failed at',
+    icon: 'IconX',
+  })
+  @IsNullable()
+  authFailedAt: Date;
+
  @FieldMetadata({
    standardId: connectedAccountStandardFieldIds.messageChannels,
    type: FieldMetadataType.RELATION,