A 404 during a token refresh is no reason to give up

changelog/unreleased/9245

@@ -0,0 +1,4 @@
+Enhancement: Retry token refresh multiple times before logout
+
+https://github.com/owncloud/client/issues/9245
+https://github.com/owncloud/client/pull/9380

src/libsync/creds/httpcredentials.cpp

@@ -34,10 +34,15 @@
 #include <QSettings>
 #include <QSslKey>
 
+#include <chrono>
+
+using namespace std::chrono_literals;
+
 Q_LOGGING_CATEGORY(lcHttpCredentials, "sync.credentials.http", QtInfoMsg)
 Q_LOGGING_CATEGORY(lcHttpLegacyCredentials, "sync.credentials.http.legacy", QtInfoMsg)
 
 namespace {
+constexpr int TokenRefreshMaxRetries = 3;
 constexpr int CredentialVersion = 1;
 const char authenticationFailedC[] = "owncloud-authentication-failed";
 
@@ -241,6 +246,13 @@ bool HttpCredentials::refreshAccessToken()
     if (_isRenewingOAuthToken) {
         return true;
     }
+    if (++_tokenRefreshRetriesCount >= TokenRefreshMaxRetries) {
+        qCWarning(lcHttpCredentials) << "Too many failed refreshs" << _tokenRefreshRetriesCount << "-> log out";
+        forgetSensitiveData();
+        Q_EMIT _account->invalidCredentials();
+        _tokenRefreshRetriesCount = 0;
+        return false;
+    }
     _isRenewingOAuthToken = true;
 
     // don't touch _ready or the account state will start a new authentication
@@ -251,41 +263,20 @@ bool HttpCredentials::refreshAccessToken()
         oauth->deleteLater();
         _isRenewingOAuthToken = false;
         switch (error) {
-        // most probably a timeout
-        case QNetworkReply::OperationCanceledError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::RemoteHostClosedError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::ConnectionRefusedError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::HostNotFoundError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::TimeoutError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::TemporaryNetworkFailureError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::NetworkSessionFailedError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::InternalServerError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::ServiceUnavailableError:
-            Q_FALLTHROUGH();
-        case QNetworkReply::UnknownNetworkError:
-            QTimer::singleShot(30000, this, &HttpCredentials::refreshAccessToken);
+        case QNetworkReply::ContentNotFoundError:
+            // 404: bigip f5?
+            QTimer::singleShot(0, this, &HttpCredentials::refreshAccessToken);
             break;
         default:
-            // something is broken
-            // start fresh
-            qCWarning(lcHttpCredentials) << "Token refresh encountered an unsupported network error" << errorString << "-> log out";
-            forgetSensitiveData();
-            Q_EMIT _account->invalidCredentials();
+            QTimer::singleShot(30s, this, &HttpCredentials::refreshAccessToken);
         }
         Q_EMIT authenticationFailed();
     });
 
     connect(oauth, &OAuth::refreshFinished, this, [this, oauth](const QString &accessToken, const QString &refreshToken){
         oauth->deleteLater();
         _isRenewingOAuthToken = false;
+        _tokenRefreshRetriesCount = 0;
         if (refreshToken.isEmpty()) {
             // an error occured, log out
             forgetSensitiveData();

src/libsync/creds/httpcredentials.h

@@ -102,6 +102,7 @@ class OWNCLOUDSYNC_EXPORT HttpCredentials : public AbstractCredentials
     DetermineAuthTypeJob::AuthType _authType = DetermineAuthTypeJob::AuthType::Unknown;
 
 private:
+    int _tokenRefreshRetriesCount = 0;
     // HttpLegacyCredentials is incompelte
     QPointer<QObject> _credentialMigration;
 };

src/libsync/creds/oauth.cpp

@@ -331,21 +331,21 @@ void OAuth::refreshAuthentication(const QString &refreshToken)
                     error == QLatin1String("invalid_request")) {
                     newRefreshToken.clear();
                 } else {
-                    qCWarning(lcOauth) << tr("Error while refreshing the token: %1 : %2").arg(error, data.value(QStringLiteral("error_description")).toString());
+                    qCWarning(lcOauth) << "Error while refreshing the token:" << error << data.value(QStringLiteral("error_description")).toString();
                 }
             } else if (reply->error() != QNetworkReply::NoError) {
-                qCWarning(lcOauth) << tr("Error while refreshing the token: %1 : %2").arg(reply->errorString(), QString::fromUtf8(jsonData));
+                qCWarning(lcOauth) << "Error while refreshing the token:" << reply->error() << ":" << reply->errorString() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute) << jsonData;
                 Q_EMIT refreshError(reply->error(), reply->errorString());
                 return;
             } else {
                 if (jsonParseError.error != QJsonParseError::NoError || data.isEmpty()) {
                     // Invalid or empty JSON: Network error maybe?
-                    qCWarning(lcOauth) << tr("Error while refreshing the token: %1 : %2").arg(jsonParseError.errorString(), QString::fromUtf8(jsonData));
+                    qCWarning(lcOauth) << "Error while refreshing the token:" << jsonParseError.errorString() << jsonData;
                 } else {
                     QString error;
                     accessToken = getRequiredField(data, QStringLiteral("access_token"), &error).toString();
                     if (!error.isEmpty()) {
-                        qCWarning(lcOauth) << tr("The reply from the server did not contain all expected fields\n:%1\nReceived data: %2").arg(error, QString::fromUtf8(jsonData));
+                        qCWarning(lcOauth) << "The reply from the server did not contain all expected fields:" << error << "received data:" << jsonData;
                     }
 
                     const auto refresh_token = data.find(QStringLiteral("refresh_token"));