fix(auth): enforces one token per app per user & tests

Dimitrie Stefanescu
2020-06-06 00:06:14 +01:00
parent 165f1cdf64
commit ef1d48c994
3 changed files with 18 additions and 4 deletions
@@ -43,6 +43,7 @@ exports.up = async knex => {
table.string( 'appId' ).references( 'id' ).inTable( 'server_apps' ).notNullable( ).onDelete( 'cascade' ).index( )
table.string( 'userId' ).references( 'id' ).inTable( 'users' ).notNullable( ).onDelete( 'cascade' ).index( )
table.string( 'tokenId' ).references( 'id' ).inTable( 'api_tokens' ).notNullable( ).onDelete( 'cascade' ).index( )
table.unique( [ 'appId', 'userId' ] )
} )
+12 -2
@@ -5,8 +5,10 @@ const root = require( 'app-root-path' )
const knex = require( `${root}/db/knex` )
const { createToken, createBareToken } = require( `${root}/modules/core/services/tokens` )
const ApiTokens = ( ) => knex( 'api_tokens' )
const ServerApps = ( ) => knex( 'server_apps' )
const ServerAppsScopes = ( ) => knex( 'server_apps_scopes' )
const ServerAppsTokens = ( ) => knex( 'user_server_app_tokens' )
const Scopes = ( ) => knex( 'scopes' )
const AuthorizationCodes = ( ) => knex( 'authorization_codes' )
@@ -72,8 +74,11 @@ module.exports = {
const { token: appToken } = await createToken( { userId: code.userId, name: `${app.name}-token`, /* lifespan: 1.21e+9, */ scopes: appScopes } )
await ServerAppsTokens( ).insert( { userId: code.userId, tokenId: appToken.slice( 0, 10 ), appId: appId } )
let bareToken = await createBareToken( )
let refreshToken = {
id: bareToken.tokenId,
tokenDigest: bareToken.tokenHash,
@@ -118,11 +123,16 @@ module.exports = {
if ( app.secret !== appSecret )
throw new Error( 'Invalid request' )
console.log( app )
// Create the new token
const { token: appToken } = await createToken( { userId: userId, name: `${app.name}-token`, /* lifespan: 1.21e+9, */ scopes: app.scopes.map( s => s.name ) } )
// Delete previous token, if it exists
let previousToken = await ServerAppsTokens( ).select( 'tokenId' ).where( { appId: appId, userId: userId } ).first( )
if ( previousToken )
await ApiTokens( ).where( { id: previousToken.tokenId } ).del( )
await ServerAppsTokens( ).insert( { userId: userId, tokenId: appToken.slice( 0, 10 ), appId: appId } )
// Create a new refresh token
let bareToken = await createBareToken( )
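Review bot: In the third hunk the refresh path calls `createToken` first and only afterwards deletes the previous token and inserts the new `user_server_app_tokens` row, with nothing tying the three steps together. If that insert throws — e.g. a unique-constraint violation on (appId, userId) from two concurrent refreshes, which is the very case the new constraint exists to catch — the freshly created token stays valid in `api_tokens` with no tracking row, so no later refresh can ever revoke it. Either run the lookup/delete/insert inside a knex transaction (if `createToken` can take a trx; not visible here) or, at minimum, delete the new token again when the insert fails, as below. Separately, `console.log( app )` prints the whole app record, which includes `app.secret` (compared two lines earlier), to the server log; if that line is still on the new side it should go, along with the `console.log( res )` in the test hunk of the third file. The enclosing method starts outside the hunk.
```javascript
// … unchanged: createToken call, previous-token lookup and delete …
try {
  await ServerAppsTokens( ).insert( { userId: userId, tokenId: appToken.slice( 0, 10 ), appId: appId } )
} catch ( err ) {
  // Compensate: the token already exists in api_tokens; without a tracking row it would never be revoked on refresh
  await ApiTokens( ).where( { id: appToken.slice( 0, 10 ) } ).del( )
  throw err
}
// … unchanged: refresh token creation …
```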
+5 -2
@@ -93,9 +93,12 @@ describe( 'Apps', ( ) => {
it( 'Should refresh the token using the refresh token, and get a fresh refresh token and token', async ( ) => {
let res = await refreshAppToken( { refreshToken: tokenCreateResponse.refreshToken, appId: myTestApp.id, appSecret: myTestApp.secret, userId: actor.id } )
console.log( res )
expect( res.token ).to.be.a( 'string' )
expect( res.refreshToken ).to.be.a( 'string' )
let validation = await validateToken( res.token )
expect( validation.valid ).to.equal( true )
expect( validation.userId ).to.equal( actor.id )
} )