fix oauth2 token loss?

2026-04-19 15:28:19 +00:00 · 2025-12-30 13:07:14 -05:00 · 2025-12-30 13:07:14 -05:00 · 939aa09b8b
commit 939aa09b8b
parent 555b8e7ac3
4 changed files with 17 additions and 19 deletions
--- a/2
+++ b/2
@ -178,4 +178,4 @@ gem "phlex-pdf", "~> 0.1.2"

 gem "ttfunk", github: "24c02/ttfunk"

-gem "hcbv4", "~> 0.1"
+gem "hcbv4", "~> 0.2"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -238,7 +238,7 @@ GEM
      hashids (~> 1.0)
    hashids (1.0.6)
    hashie (5.0.0)
-    hcbv4 (0.1.1)
+    hcbv4 (0.2.0)
    http (5.2.0)
      addressable (~> 2.8)
      base64 (~> 0.1)
@ -723,7 +723,7 @@ DEPENDENCIES
  foreman (~> 0.88.1)
  good_job (~> 4.11)
  hashid-rails (~> 1.4)
-  hcbv4 (~> 0.1)
+  hcbv4 (~> 0.2)
  http (~> 5.2)
  ivymeter (~> 0.1.0)
  jb (~> 0.8.2)
--- a/app/controllers/hcb/payment_accounts_controller.rb
+++ b/app/controllers/hcb/payment_accounts_controller.rb
@ -9,6 +9,12 @@ class HCB::PaymentAccountsController < ApplicationController
    redirect_to hcb_payment_accounts_path, alert: "Failed to load HCB organizations: #{e.message} (#{event_id})"
  end

+  rescue_from OAuth2::Error do |e|
+    Sentry.capture_exception(e, extra: { user_id: current_user.id, response_body: e.response&.body })
+    current_user.hcb_oauth_connection&.destroy
+    redirect_to new_hcb_oauth_connection_path, alert: "Your HCB connection expired. Please reconnect."
+  end
+
  def index
    @payment_accounts = current_user.hcb_payment_accounts
  end
--- a/app/models/hcb/oauth_connection.rb
+++ b/app/models/hcb/oauth_connection.rb
@ -34,26 +34,18 @@ class HCB::OauthConnection < ApplicationRecord
      refresh_token: refresh_token,
      expires_at: expires_at&.to_i,
      base_url: hcb_api_base,
+      on_token_refresh: ->(token) {
+        update!(
+          access_token: token.token,
+          refresh_token: token.refresh_token,
+          expires_at: token.expires_at ? Time.at(token.expires_at) : nil,
+        )
+      }
    )
  end

  def organizations
-    result = client.organizations
-    persist_refreshed_token!
-    result
-  end
-
-  def persist_refreshed_token!
-    token = client.oauth_token
-    return unless token.respond_to?(:token)
-
-    if token.token != access_token || token.refresh_token != refresh_token
-      update!(
-        access_token: token.token,
-        refresh_token: token.refresh_token,
-        expires_at: token.expires_at ? Time.at(token.expires_at) : nil,
-      )
-    end
+    client.organizations
  end

  private