Also delete refrsh token if present for device.

Jordan Bancino 2023-02-24 01:06:02 +00:00
parent b60cac53e5
commit d517b66316
2 changed files with 41 additions and 34 deletions


@ -16,8 +16,8 @@ Milestone: v0.2.0
[~] User login [~] User login
[x] User manipulation functions (so we don't use the DB directly) [x] User manipulation functions (so we don't use the DB directly)
[x] Refresh tokens [x] Refresh tokens
[~] Logout [x] Logout
[ ] Delete refresh token if present [x] Delete refresh token if present
[ ] Logout all [ ] Logout all
[ ] Login fallback (static HTML page) [ ] Login fallback (static HTML page)
[~] User Interactive [~] User Interactive
@ -31,14 +31,14 @@ Milestone: v0.2.0
[ ] Document new User functions [ ] Document new User functions
[ ] Document new JSON functions [ ] Document new JSON functions
[~] Refactor usage of StrDuplicate() [x] Refactor usage of StrDuplicate()
- Functions that keep strings do the duplication, - Functions that keep strings do the duplication,
NOT their callers; callers free strings when they are NOT their callers; callers free strings when they are
done with them. done with them.
[x] Remove HashMapGetKey() function [x] Remove HashMapGetKey() function
[x] HashMap [x] HashMap
[x] JsonValueString() [x] JsonValueString()
[ ] Db [x] Db
Milestone: v0.3.0 Milestone: v0.3.0
----------------- -----------------


@ -524,19 +524,18 @@ UserAccessTokenFree(UserAccessToken * token)
int int
UserDeleteToken(User * user, char *token) UserDeleteToken(User * user, char *token)
{ {
char *username = NULL; char *username;
char *deviceid = NULL; char *deviceId;
char *refreshToken;
Db *db = NULL; Db *db;
DbRef *tokenRef;
DbRef *tokenref = NULL; HashMap *tokenJson;
HashMap *userJson;
HashMap *deviceObj;
HashMap *tokenjson = NULL; JsonValue *deletedVal;
HashMap *userjson = NULL;
HashMap *deviceobject = NULL;
JsonValue *devicejson = NULL;
JsonValue *deletedval = NULL;
if (!user || !token) if (!user || !token)
{ {
@ -551,40 +550,48 @@ UserDeleteToken(User * user, char *token)
} }
/* If it does, get it's username. */ /* If it does, get it's username. */
tokenref = DbLock(db, 3, "tokens", "access", token); tokenRef = DbLock(db, 3, "tokens", "access", token);
if (!tokenref) if (!tokenRef)
{ {
return 0; return 0;
} }
tokenjson = DbJson(tokenref); tokenJson = DbJson(tokenRef);
username = JsonValueAsString(HashMapGet(tokenjson, "user")); username = JsonValueAsString(HashMapGet(tokenJson, "user"));
deviceid = JsonValueAsString(HashMapGet(tokenjson, "device")); deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));
if (strcmp(username, UserGetName(user)) != 0) if (strcmp(username, UserGetName(user)) != 0)
{ {
/* Token does not match user, do not delete it */ /* Token does not match user, do not delete it */
DbUnlock(db, tokenref); DbUnlock(db, tokenRef);
return 0; return 0;
} }
/* Now delete it from the user */ userJson = DbJson(user->ref);
userjson = DbJson(user->ref); deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
devicejson = HashMapGet(userjson, "devices");
if (JsonValueType(devicejson) == JSON_OBJECT) if (!deviceObj)
{ {
/* Delete our object */ return 0;
deviceobject = JsonValueAsObject(devicejson);
deletedval = HashMapDelete(deviceobject, deviceid);
if (!deletedval)
{
return 0;
}
JsonValueFree(deletedval);
} }
/* ... and now the token */ /* Delete refresh token, if present */
if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token)) refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
if (refreshToken)
{
DbDelete(db, 3, "tokens", "refresh", refreshToken);
}
/* Delete the device object */
deletedVal = HashMapDelete(deviceObj, deviceId);
if (!deletedVal)
{
return 0;
}
JsonValueFree(deletedVal);
/* Delete the access token. */
if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
{ {
return 0; return 0;
} }
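Review bot: The two early `return 0;` paths taken after `tokenRef` is locked (`if (!deviceObj)` and `if (!deletedVal)`) skip `DbUnlock(db, tokenRef)`, unlike the username-mismatch branch just above them, so a user record without a `devices` object makes logout fail with the access token undeleted and its ref apparently still locked. Add `DbUnlock(db, tokenRef);` before each of those returns. The result of `DbDelete(db, 3, "tokens", "refresh", refreshToken)` is also discarded, so a failed delete would leave a usable refresh token behind after a logout that reports success; check it and fail or log instead. `username` reaches `strcmp` without a NULL check, which matters if `JsonValueAsString` returns NULL for a missing field, as the `if (refreshToken)` test suggests it can. UserDeleteToken begins before this hunk and ends after it, so the final return path is not visible here.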