passing auth token tests

2025-02-25 18:55:37 -06:00 · 2019-01-21 15:06:33 +01:00
parent 565408194a
commit dd8476d81a
2 changed files with 22 additions and 14 deletions
--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@@ -3,6 +3,7 @@ package auth
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"fmt"
 	"net/http"
 	"net/url"
 	"time"
@@ -22,8 +23,8 @@ func init() {

 var (
 	now              = time.Now
-	RotateTime       = 1 * time.Minute // this should be read from [session] configuration.
-	UrgentRotateTime = 30 * time.Second
+	RotateTime       = 30 * time.Second
+	UrgentRotateTime = 10 * time.Second
 	oneYearInSeconds = 31557600 //used as default maxage for session cookies. We validate/rotate them more often.
 )

@@ -154,17 +155,18 @@ func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAu
 	}

 	if userToken.AuthToken != hashedToken && userToken.PrevAuthToken == hashedToken && userToken.AuthTokenSeen {
-		userToken.AuthTokenSeen = false
-		expireBefore := now().Add(-RotateTime).Unix()
-		affectedRows, err := s.SQLStore.NewSession().Where("id = ? AND prev_auth_token = ? AND rotated_at < ?", userToken.Id, userToken.PrevAuthToken, expireBefore).AllCols().Update(&userToken)
+		userTokenCopy := userToken
+		userTokenCopy.AuthTokenSeen = false
+		expireBefore := now().Add(-UrgentRotateTime).Unix()
+		affectedRows, err := s.SQLStore.NewSession().Where("id = ? AND prev_auth_token = ? AND rotated_at < ?", userTokenCopy.Id, userTokenCopy.PrevAuthToken, expireBefore).AllCols().Update(&userTokenCopy)
 		if err != nil {
 			return nil, err
 		}

 		if affectedRows == 0 {
-			s.log.Debug("prev seen token unchanged", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
+			fmt.Println("prev seen token unchanged", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
 		} else {
-			s.log.Debug("prev seen token", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
+			fmt.Println("prev seen token", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
 		}
 	}

@@ -182,9 +184,9 @@ func (s *UserAuthTokenService) LookupToken(unhashedToken string) (*models.UserAu
 		}

 		if affectedRows == 0 {
-			s.log.Debug("seen wrong token", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
+			fmt.Println("seen wrong token", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
 		} else {
-			s.log.Debug("seen token", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
+			fmt.Println("seen token", "userTokenId", userToken.Id, "userId", userToken.UserId, "authToken", userToken.AuthToken, "clientIP", userToken.ClientIp, "userAgent", userToken.UserAgent)
 		}
 	}

--- a/pkg/services/auth/auth_token_test.go
+++ b/pkg/services/auth/auth_token_test.go
@@ -95,11 +95,13 @@ func TestUserAuthToken(t *testing.T) {
 			So(err, ShouldBeNil)
 			So(refreshed, ShouldBeFalse)

-			ctx.markAuthTokenAsSeen(token.Id)
+			updated, err := ctx.markAuthTokenAsSeen(token.Id)
+			So(err, ShouldBeNil)
+			So(updated, ShouldBeTrue)
+
 			token, err = ctx.getAuthTokenByID(token.Id)
 			So(err, ShouldBeNil)

-			// ability to auth using an old token
 			now = func() time.Time {
 				return t.Add(time.Hour)
 			}
@@ -114,31 +116,35 @@ func TestUserAuthToken(t *testing.T) {
 			So(err, ShouldBeNil)
 			token.UnhashedToken = unhashedToken

-			So(token.RotatedAt, ShouldEqual, t.Unix())
+			So(token.RotatedAt, ShouldEqual, now().Unix())
 			So(token.ClientIp, ShouldEqual, "192.168.10.12")
 			So(token.UserAgent, ShouldEqual, "a new user agent")
 			So(token.AuthTokenSeen, ShouldBeFalse)
 			So(token.SeenAt, ShouldEqual, 0)
 			So(token.PrevAuthToken, ShouldEqual, prevToken)

+			// ability to auth using an old token
+
 			lookedUp, err := userAuthTokenService.LookupToken(token.UnhashedToken)
 			So(err, ShouldBeNil)
 			So(lookedUp, ShouldNotBeNil)
 			So(lookedUp.AuthTokenSeen, ShouldBeTrue)
-			So(lookedUp.SeenAt, ShouldEqual, t.Unix())
+			So(lookedUp.SeenAt, ShouldEqual, now().Unix())

 			lookedUp, err = userAuthTokenService.LookupToken(unhashedPrev)
 			So(err, ShouldBeNil)
 			So(lookedUp, ShouldNotBeNil)
 			So(lookedUp.Id, ShouldEqual, token.Id)
+			So(lookedUp.AuthTokenSeen, ShouldBeTrue)

 			now = func() time.Time {
-				return t.Add(2 * time.Minute)
+				return t.Add(time.Hour + (2 * time.Minute))
 			}

 			lookedUp, err = userAuthTokenService.LookupToken(unhashedPrev)
 			So(err, ShouldBeNil)
 			So(lookedUp, ShouldNotBeNil)
+			So(lookedUp.AuthTokenSeen, ShouldBeTrue)

 			lookedUp, err = ctx.getAuthTokenByID(lookedUp.Id)
 			So(err, ShouldBeNil)