From 0396e8e3b093d02e3c7d56639d9e6167205eac35 Mon Sep 17 00:00:00 2001
From: Jesse Brault <jbrault@mac.com>
Date: Sat, 17 Aug 2024 22:34:40 -0500
Subject: [PATCH] Bug with token refresh causing 500 internal server error
 seems to be fixed by locking the RefreshToken entity.

---
 .../java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java     | 5 ++++-
 .../app/mealsmadeeasy/api/auth/RefreshTokenRepository.java   | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java b/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
index fe134eb..106a51d 100644
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
@@ -2,6 +2,7 @@ package app.mealsmadeeasy.api.auth;
 
 import app.mealsmadeeasy.api.jwt.JwtService;
 import app.mealsmadeeasy.api.user.UserEntity;
+import jakarta.transaction.Transactional;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -14,7 +15,7 @@ import java.time.LocalDateTime;
 import java.util.UUID;
 
 @Service
-public final class AuthServiceImpl implements AuthService {
+public class AuthServiceImpl implements AuthService {
 
     private final AuthenticationManager authenticationManager;
     private final JwtService jwtService;
@@ -60,11 +61,13 @@ public final class AuthServiceImpl implements AuthService {
     }
 
     @Override
+    @Transactional
     public void logout(String refreshToken) {
         this.refreshTokenRepository.findByToken(refreshToken).ifPresent(this.refreshTokenRepository::delete);
     }
 
     @Override
+    @Transactional
     public LoginDetails refresh(@Nullable String refreshToken) throws LoginException {
         if (refreshToken == null) {
             throw new LoginException(LoginExceptionReason.NO_REFRESH_TOKEN, "No refresh token provided.");
diff --git a/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenRepository.java b/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenRepository.java
index a163d4f..d90387c 100644
--- a/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenRepository.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenRepository.java
@@ -1,9 +1,14 @@
 package app.mealsmadeeasy.api.auth;
 
+import jakarta.persistence.LockModeType;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Lock;
 
 import java.util.Optional;
 
 public interface RefreshTokenRepository extends JpaRepository<RefreshTokenEntity, Long> {
+
+    @Lock(LockModeType.PESSIMISTIC_READ)
     Optional<RefreshTokenEntity> findByToken(String token);
+
 }