From 230f8ca288641c381aff129d59801843c52e6b82 Mon Sep 17 00:00:00 2001
From: Patrick Dawkins <patrick@platform.sh>
Date: Fri, 1 Dec 2023 12:42:10 +0000
Subject: [PATCH] Fix check for whether the SSO session expired - improves
 error message

---
 src/Service/Api.php | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/Service/Api.php b/src/Service/Api.php
index 3e45b02c9..52a855c27 100644
--- a/src/Service/Api.php
+++ b/src/Service/Api.php
@@ -9,6 +9,7 @@
 use GuzzleHttp\ClientInterface;
 use GuzzleHttp\Event\ErrorEvent;
 use GuzzleHttp\Exception\BadResponseException;
+use GuzzleHttp\Message\ResponseInterface;
 use Platformsh\Cli\CredentialHelper\Manager;
 use Platformsh\Cli\CredentialHelper\SessionStorage;
 use Platformsh\Cli\Event\EnvironmentsChangedEvent;
@@ -365,11 +366,11 @@ private function onRefreshError(BadResponseException $e) {
 
         $this->logout();
 
-        $body = (string) $e->getRequest()->getBody();
-        \parse_str($body, $parsed);
+        $reqBody = (string) $e->getRequest()->getBody();
+        \parse_str($reqBody, $parsed);
         if (isset($parsed['grant_type']) && $parsed['grant_type'] === 'api_token') {
             $this->stdErr->writeln('<comment>The API token is invalid.</comment>');
-        } elseif (isset($parsed['error_hint']) && strpos($parsed['error_hint'], 'SSO session has expired') !== false) {
+        } elseif ($this->isSsoSessionExpired($response)) {
             $this->stdErr->writeln('<comment>Your SSO session has expired. You have been logged out.</comment>');
         } else {
             $this->stdErr->writeln('<comment>Your session has expired. You have been logged out.</comment>');
@@ -387,6 +388,23 @@ private function onRefreshError(BadResponseException $e) {
         return $this->tokenFromSession($session);
     }
 
+    /**
+     * Tests if an HTTP response from refreshing a token indicates that the user's SSO session has expired.
+     *
+     * @param ResponseInterface|null $response
+     * @return bool
+     */
+    private function isSsoSessionExpired(ResponseInterface $response = null)
+    {
+        if (!$response || $response->getStatusCode() !== 400) {
+            return false;
+        }
+        $respBody = (string) $response->getBody();
+        $errDetails = \json_decode($respBody, true);
+        return isset($errDetails['error_hint'])
+            && strpos($errDetails['error_hint'], 'SSO session has expired') !== false;
+    }
+
     /**
      * Loads and returns an AccessToken, if possible, from a session.
      *