Add missing Authorization header on MAL refresh token request (#7686)

* Add missing Authorization header on MAL refresh token request. * Make sure to also close the response when it have failed. (cherry picked from commit 5315467908)
2025-10-30 22:07:57 +01:00 · 2022-08-04 23:17:43 -03:00
parent 09a3509d79
commit 03e4eb1061
2 changed files with 28 additions and 6 deletions
--- a/app/src/main/java/eu/kanade/tachiyomi/data/track/myanimelist/MyAnimeListApi.kt
+++ b/app/src/main/java/eu/kanade/tachiyomi/data/track/myanimelist/MyAnimeListApi.kt
@@ -22,6 +22,7 @@ import kotlinx.serialization.json.jsonArray
 import kotlinx.serialization.json.jsonObject
 import kotlinx.serialization.json.jsonPrimitive
 import okhttp3.FormBody
+import okhttp3.Headers
 import okhttp3.OkHttpClient
 import okhttp3.Request
 import okhttp3.RequestBody
@@ -256,13 +257,21 @@ class MyAnimeListApi(private val client: OkHttpClient, interceptor: MyAnimeListI
            .appendPath("my_list_status")
            .build()

-        fun refreshTokenRequest(refreshToken: String): Request {
+        fun refreshTokenRequest(oauth: OAuth): Request {
            val formBody: RequestBody = FormBody.Builder()
                .add("client_id", clientId)
-                .add("refresh_token", refreshToken)
+                .add("refresh_token", oauth.refresh_token)
                .add("grant_type", "refresh_token")
                .build()
-            return POST("$baseOAuthUrl/token", body = formBody)
+
+            // Add the Authorization header manually as this particular
+            // request is called by the interceptor itself so it doesn't reach
+            // the part where the token is added automatically.
+            val headers = Headers.Builder()
+                .add("Authorization", "Bearer ${oauth.access_token}")
+                .build()
+
+            return POST("$baseOAuthUrl/token", body = formBody, headers = headers)
        }

        private fun getPkceChallengeCode(): String {
--- a/app/src/main/java/eu/kanade/tachiyomi/data/track/myanimelist/MyAnimeListInterceptor.kt
+++ b/app/src/main/java/eu/kanade/tachiyomi/data/track/myanimelist/MyAnimeListInterceptor.kt
@@ -1,9 +1,11 @@
 package eu.kanade.tachiyomi.data.track.myanimelist

+import eu.kanade.tachiyomi.network.parseAs
 import kotlinx.serialization.decodeFromString
 import kotlinx.serialization.json.Json
 import okhttp3.Interceptor
 import okhttp3.Response
+import okhttp3.internal.closeQuietly
 import uy.kohesive.injekt.injectLazy
 import java.io.IOException

@@ -24,11 +26,22 @@ class MyAnimeListInterceptor(private val myanimelist: MyAnimeList, private var t
        }
        // Refresh access token if expired
        if (oauth != null && oauth!!.isExpired()) {
-            chain.proceed(MyAnimeListApi.refreshTokenRequest(oauth!!.refresh_token)).use {
-                if (it.isSuccessful) {
-                    setAuth(json.decodeFromString(it.body!!.string()))
+            val newOauth = runCatching {
+                val oauthResponse = chain.proceed(MyAnimeListApi.refreshTokenRequest(oauth!!))
+
+                if (oauthResponse.isSuccessful) {
+                    oauthResponse.parseAs<OAuth>()
+                } else {
+                    oauthResponse.closeQuietly()
+                    null
                }
            }
+
+            if (newOauth.getOrNull() == null) {
+                throw IOException("Failed to refresh the access token")
+            }
+
+            setAuth(newOauth.getOrNull())
        }
        if (oauth == null) {
            throw IOException("No authentication token")