handle expired tokens

2025-02-25 18:55:37 -06:00 · 2019-01-21 13:22:20 +01:00
parent 697ddccd8e
commit 565408194a
2 changed files with 15 additions and 5 deletions
--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@@ -141,9 +141,10 @@ func (s *UserAuthTokenService) CreateToken(userId int64, clientIP, userAgent str

 func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAuthToken, error) {
 	hashedToken := hashToken(unhashedToken)
+	expireBefore := now().Add(time.Duration(-86400*setting.LogInRememberDays) * time.Second).Unix()

 	var userToken models.UserAuthToken
-	exists, err := s.SQLStore.NewSession().Where("auth_token = ? OR prev_auth_token = ?", hashedToken, hashedToken).Get(&userToken)
+	exists, err := s.SQLStore.NewSession().Where("(auth_token = ? OR prev_auth_token = ?) AND created_at > ?", hashedToken, hashedToken, expireBefore).Get(&userToken)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/services/auth/auth_token_test.go
+++ b/pkg/services/auth/auth_token_test.go
@@ -4,6 +4,8 @@ import (
 	"testing"
 	"time"

+	"github.com/grafana/grafana/pkg/setting"
+
 	"github.com/grafana/grafana/pkg/log"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
@@ -58,9 +60,13 @@ func TestUserAuthToken(t *testing.T) {
 			token, err = ctx.getAuthTokenByID(token.Id)
 			So(err, ShouldBeNil)

-			// set now (now - 23 hours)
-			_, err = userAuthTokenService.RefreshToken(token, "192.168.10.11:1234", "some user agent")
+			now = func() time.Time {
+				return t.Add(time.Hour)
+			}
+
+			refreshed, err := userAuthTokenService.RefreshToken(token, "192.168.10.11:1234", "some user agent")
 			So(err, ShouldBeNil)
+			So(refreshed, ShouldBeTrue)

 			_, err = userAuthTokenService.LookupToken(token.UnhashedToken)
 			So(err, ShouldBeNil)
@@ -69,7 +75,9 @@ func TestUserAuthToken(t *testing.T) {
 			So(err, ShouldBeNil)
 			So(stillGood, ShouldNotBeNil)

-			// set now (new - 2 hours)
+			now = func() time.Time {
+				return t.Add(24 * 7 * time.Hour)
+			}
 			notGood, err := userAuthTokenService.LookupToken(token.UnhashedToken)
 			So(err, ShouldEqual, ErrAuthTokenNotFound)
 			So(notGood, ShouldBeNil)
@@ -93,7 +101,7 @@ func TestUserAuthToken(t *testing.T) {

 			// ability to auth using an old token
 			now = func() time.Time {
-				return t
+				return t.Add(time.Hour)
 			}

 			refreshed, err = userAuthTokenService.RefreshToken(token, "192.168.10.12:1234", "a new user agent")
@@ -172,6 +180,7 @@ func createTestContext(t *testing.T) *testContext {

 	RotateTime = 10 * time.Minute
 	UrgentRotateTime = time.Minute
+	setting.LogInRememberDays = 7

 	return &testContext{
 		sqlstore:     sqlstore,