Also delete refresh token if present for device.

Jordan Bancino 2023-02-24 01:06:02 +00:00
parent b60cac53e5
commit d517b66316
2 changed files with 41 additions and 34 deletions


@ -16,8 +16,8 @@ Milestone: v0.2.0
[~] User login
[x] User manipulation functions (so we don't use the DB directly)
[x] Refresh tokens
[~] Logout
[ ] Delete refresh token if present
[x] Logout
[x] Delete refresh token if present
[ ] Logout all
[ ] Login fallback (static HTML page)
[~] User Interactive
@ -31,14 +31,14 @@ Milestone: v0.2.0
[ ] Document new User functions
[ ] Document new JSON functions
[~] Refactor usage of StrDuplicate()
[x] Refactor usage of StrDuplicate()
- Functions that keep strings do the duplication,
NOT their callers; callers free strings when they are
done with them.
[x] Remove HashMapGetKey() function
[x] HashMap
[x] JsonValueString()
[ ] Db
[x] Db
Milestone: v0.3.0
-----------------


@ -524,19 +524,18 @@ UserAccessTokenFree(UserAccessToken * token)
int
UserDeleteToken(User * user, char *token)
{
char *username = NULL;
char *deviceid = NULL;
char *username;
char *deviceId;
char *refreshToken;
Db *db = NULL;
Db *db;
DbRef *tokenRef;
DbRef *tokenref = NULL;
HashMap *tokenJson;
HashMap *userJson;
HashMap *deviceObj;
HashMap *tokenjson = NULL;
HashMap *userjson = NULL;
HashMap *deviceobject = NULL;
JsonValue *devicejson = NULL;
JsonValue *deletedval = NULL;
JsonValue *deletedVal;
if (!user || !token)
{
@ -551,40 +550,48 @@ UserDeleteToken(User * user, char *token)
}
/* If it does, get it's username. */
tokenref = DbLock(db, 3, "tokens", "access", token);
tokenRef = DbLock(db, 3, "tokens", "access", token);
if (!tokenref)
if (!tokenRef)
{
return 0;
}
tokenjson = DbJson(tokenref);
username = JsonValueAsString(HashMapGet(tokenjson, "user"));
deviceid = JsonValueAsString(HashMapGet(tokenjson, "device"));
tokenJson = DbJson(tokenRef);
username = JsonValueAsString(HashMapGet(tokenJson, "user"));
deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));
if (strcmp(username, UserGetName(user)) != 0)
{
/* Token does not match user, do not delete it */
DbUnlock(db, tokenref);
DbUnlock(db, tokenRef);
return 0;
}
/* Now delete it from the user */
userjson = DbJson(user->ref);
devicejson = HashMapGet(userjson, "devices");
if (JsonValueType(devicejson) == JSON_OBJECT)
{
/* Delete our object */
deviceobject = JsonValueAsObject(devicejson);
deletedval = HashMapDelete(deviceobject, deviceid);
if (!deletedval)
userJson = DbJson(user->ref);
deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
if (!deviceObj)
{
return 0;
}
JsonValueFree(deletedval);
/* Delete refresh token, if present */
refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
if (refreshToken)
{
DbDelete(db, 3, "tokens", "refresh", refreshToken);
}
/* ... and now the token */
if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token))
/* Delete the device object */
deletedVal = HashMapDelete(deviceObj, deviceId);
if (!deletedVal)
{
return 0;
}
JsonValueFree(deletedVal);
/* Delete the access token. */
if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
{
return 0;
}
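Review bot: The two early returns in the second hunk, after `if (!deviceObj)` and after `if (!deletedVal)`, leave `tokenRef` locked, because `DbUnlock(db, tokenRef)` is only reached on the username-mismatch path and on the final delete. Each of those branches should call `DbUnlock(db, tokenRef);` before `return 0;`, otherwise a failed logout appears to leave the access-token record locked and still present. The result of the new `DbDelete(db, 3, "tokens", "refresh", refreshToken)` is also discarded, so a failed delete would presumably leave a usable refresh token behind with no failure reported from that step. Checking it the same way as the access-token delete would let the caller see that the session was not fully revoked. UserDeleteToken continues past the end of the hunk, so the final return value is not visible here.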