Merge branch 'stable' into next-release

2015-11-20 18:17:08 +01:00 · 2015-11-20 18:17:08 +01:00 · 084654cd3c
commit 084654cd3c
parent ab3577c369 d21742afb6
3 changed files with 24 additions and 24 deletions
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "xo-server",
-  "version": "4.9.1",
+  "version": "4.9.2",
  "license": "AGPL-3.0",
  "description": "Server part of Xen-Orchestra",
  "keywords": [
--- a/src/models/token.js
+++ b/src/models/token.js
@ -1,26 +1,10 @@
 import Collection from '../collection/redis'
 import Model from '../model'
-import {generateToken} from '../utils'

 // ===================================================================

-export default class Token extends Model {
-  static generate (userId) {
-    return generateToken().then(token => new Token({
-      id: token,
-      user_id: userId
-    }))
-  }
-}
+export default class Token extends Model {}

 // -------------------------------------------------------------------

-export class Tokens extends Collection {
-  get Model () {
-    return Token
-  }
-
-  generate (userId) {
-    return Token.generate(userId).then(token => this.add(token))
-  }
-}
+export class Tokens extends Collection {}
--- a/src/xo.js
+++ b/src/xo.js
@ -50,7 +50,7 @@ import {PluginsMetadata} from './models/plugin-metadata'
 import {Remotes} from './models/remote'
 import {Schedules} from './models/schedule'
 import {Servers} from './models/server'
-import {Tokens} from './models/token'
+import Token, {Tokens} from './models/token'
 import {Users} from './models/user'

 // ===================================================================
@ -900,9 +900,15 @@ export default class Xo extends EventEmitter {
  // -----------------------------------------------------------------

  async createAuthenticationToken ({userId}) {
-    // TODO: use plain objects
-    const token = await this._tokens.generate(userId)
+    const token = new Token({
+      id: await generateToken(),
+      user_id: userId,
+      expiration: Date.now() + 1e3 * 60 * 60 * 24 * 30 // 1 month validity.
+    })

+    await this._tokens.add(token)
+
+    // TODO: use plain properties directly.
    return token.properties
  }

@ -913,12 +919,22 @@ export default class Xo extends EventEmitter {
  }

  async getAuthenticationToken (id) {
-    const token = await this._tokens.first(id)
+    let token = await this._tokens.first(id)
    if (!token) {
      throw new NoSuchAuthenticationToken(id)
    }

-    return token.properties
+    token = token.properties
+
+    if (!(
+      token.expiration > Date.now()
+    )) {
+      this._tokens.remove(id).catch(noop)
+
+      throw new NoSuchAuthenticationToken(id)
+    }
+
+    return token
  }

  async _getAuthenticationTokensForUser (userId) {