From 819c75c1263d09f33dade3b6f93dae278abe2adb Mon Sep 17 00:00:00 2001
From: Lorenzo Blasa <lblasa@meta.com>
Date: Fri, 1 Sep 2023 04:52:09 -0700
Subject: [PATCH] Verify server certificates before returning existing token

Summary:
If the server certificates have expired, then the returned token will no longer be valid as soon as the certificates are renewed.

So, validate this before returning any existing token.

This was not an issue before, as launching used to be the last step during bootstrapping.

Reviewed By: antonk52

Differential Revision: D48902334

fbshipit-source-id: 2458aa0df806db245994ee742f42bff47a533e23
---
 .../certificate-exchange/certificate-utils.tsx             | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx b/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
index 185d3c948..e047e90f1 100644
--- a/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
+++ b/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
@@ -168,6 +168,7 @@ const ensureServerCertExists = async (): Promise<void> => {
   } catch (e) {
     console.warn('Not all certs are valid, generating new ones', e);
     await generateServerCertificate();
+    await generateAuthToken();
   }
 };
 
@@ -317,6 +318,12 @@ export const generateAuthToken = async () => {
 };
 
 export const getAuthToken = async (): Promise<string> => {
+  // Ensure we check for the validity of certificates before
+  // returning an authentication token.
+  // If the server certificates have expired, they will need
+  // to be renewed and will invalidate any existing token.
+  await ensureServerCertExists();
+
   if (!(await hasAuthToken())) {
     return generateAuthToken();
   }