Merge pull request #138 from vatesfr/julienf-fix-tokens-expiration

Auth tokens expire after one month (side effect: remove old tokens).
Julien Fontanet 2015-11-20 18:05:03 +01:00
commit b5259384e8
2 changed files with 24 additions and 23 deletions


@ -1,26 +1,10 @@
import Collection from '../collection/redis' import Collection from '../collection/redis'
import Model from '../model' import Model from '../model'
import {generateToken} from '../utils'
// =================================================================== // ===================================================================
export default class Token extends Model { export default class Token extends Model {}
static generate (userId) {
return generateToken().then(token => new Token({
id: token,
user_id: userId
}))
}
}
// ------------------------------------------------------------------- // -------------------------------------------------------------------
export class Tokens extends Collection { export class Tokens extends Collection {}
get Model () {
return Token
}
generate (userId) {
return Token.generate(userId).then(token => this.add(token))
}
}


@ -34,6 +34,7 @@ import {
forEach, forEach,
isEmpty, isEmpty,
mapToArray, mapToArray,
noop,
safeDateFormat safeDateFormat
} from './utils' } from './utils'
import {generateToken} from './utils' import {generateToken} from './utils'
@ -50,7 +51,7 @@ import {PluginsMetadata} from './models/plugin-metadata'
import {Remotes} from './models/remote' import {Remotes} from './models/remote'
import {Schedules} from './models/schedule' import {Schedules} from './models/schedule'
import {Servers} from './models/server' import {Servers} from './models/server'
import {Tokens} from './models/token' import Token, {Tokens} from './models/token'
import {Users} from './models/user' import {Users} from './models/user'
// =================================================================== // ===================================================================
@ -873,9 +874,15 @@ export default class Xo extends EventEmitter {
// ----------------------------------------------------------------- // -----------------------------------------------------------------
async createAuthenticationToken ({userId}) { async createAuthenticationToken ({userId}) {
// TODO: use plain objects const token = new Token({
const token = await this._tokens.generate(userId) id: await generateToken(),
user_id: userId,
expiration: Date.now() + 1e3 * 60 * 60 * 24 * 30 // 1 month validity.
})
await this._tokens.add(token)
// TODO: use plain properties directly.
return token.properties return token.properties
} }
@ -886,12 +893,22 @@ export default class Xo extends EventEmitter {
} }
async getAuthenticationToken (id) { async getAuthenticationToken (id) {
const token = await this._tokens.first(id) let token = await this._tokens.first(id)
if (!token) { if (!token) {
throw new NoSuchAuthenticationToken(id) throw new NoSuchAuthenticationToken(id)
} }
return token.properties token = token.properties
if (!(
token.expiration > Date.now()
)) {
this._tokens.remove(id).catch(noop)
throw new NoSuchAuthenticationToken(id)
}
return token
} }
// ----------------------------------------------------------------- // -----------------------------------------------------------------
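Review bot: Expiry is enforced only inside `getAuthenticationToken`, through the check `token.expiration > Date.now()`, so any other code that reads `this._tokens` directly would still accept an expired record; no such caller is visible in these hunks, so this is worth confirming. The cleanup is also lazy and best-effort: `this._tokens.remove(id).catch(noop)` runs only when an expired token is presented and discards any failure, so expired tokens that are never presented again stay in the store indefinitely; a periodic sweep, or a store-level TTL derived from the same `expiration` value, would bound that. Rejecting tokens created before this change relies on `undefined > Date.now()` evaluating to false, which deserves a comment above the test such as `// Tokens without an expiration (created before this change) fail this test and are rejected.` The class body continues outside the hunks.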