Also delete refrsh token if present for device.

2023-02-24 01:06:02 +00:00 · 2023-02-24 01:06:02 +00:00 · d517b66316
commit d517b66316
parent b60cac53e5
2 changed files with 41 additions and 34 deletions
--- a/TODO.txt
+++ b/TODO.txt
@ -16,8 +16,8 @@ Milestone: v0.2.0
 [~] User login
    [x] User manipulation functions (so we don't use the DB directly)
    [x] Refresh tokens
-    [~] Logout
-        [ ] Delete refresh token if present
+    [x] Logout
+        [x] Delete refresh token if present
    [ ] Logout all
    [ ] Login fallback (static HTML page)
 [~] User Interactive
@ -31,14 +31,14 @@ Milestone: v0.2.0
 [ ] Document new User functions
 [ ] Document new JSON functions

-[~] Refactor usage of StrDuplicate()
+[x] Refactor usage of StrDuplicate()
    - Functions that keep strings do the duplication,
      NOT their callers; callers free strings when they are
      done with them.
    [x] Remove HashMapGetKey() function
    [x] HashMap
    [x] JsonValueString()
-    [ ] Db
+    [x] Db

 Milestone: v0.3.0
 -----------------
--- a/src/User.c
+++ b/src/User.c
@ -524,19 +524,18 @@ UserAccessTokenFree(UserAccessToken * token)
 int
 UserDeleteToken(User * user, char *token)
 {
-    char *username = NULL;
-    char *deviceid = NULL;
+    char *username;
+    char *deviceId;
+    char *refreshToken;

-    Db *db = NULL;
+    Db *db;
+    DbRef *tokenRef;

-    DbRef *tokenref = NULL;
+    HashMap *tokenJson;
+    HashMap *userJson;
+    HashMap *deviceObj;

-    HashMap *tokenjson = NULL;
-    HashMap *userjson = NULL;
-    HashMap *deviceobject = NULL;
-
-    JsonValue *devicejson = NULL;
-    JsonValue *deletedval = NULL;
+    JsonValue *deletedVal;

    if (!user || !token)
    {
@ -551,40 +550,48 @@ UserDeleteToken(User * user, char *token)
    }

    /* If it does, get it's username. */
-    tokenref = DbLock(db, 3, "tokens", "access", token);
+    tokenRef = DbLock(db, 3, "tokens", "access", token);

-    if (!tokenref)
+    if (!tokenRef)
    {
        return 0;
    }
-    tokenjson = DbJson(tokenref);
-    username = JsonValueAsString(HashMapGet(tokenjson, "user"));
-    deviceid = JsonValueAsString(HashMapGet(tokenjson, "device"));
+    tokenJson = DbJson(tokenRef);
+    username = JsonValueAsString(HashMapGet(tokenJson, "user"));
+    deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));

    if (strcmp(username, UserGetName(user)) != 0)
    {
        /* Token does not match user, do not delete it */
-        DbUnlock(db, tokenref);
+        DbUnlock(db, tokenRef);
        return 0;
    }

-    /* Now delete it from the user */
-    userjson = DbJson(user->ref);
-    devicejson = HashMapGet(userjson, "devices");
-    if (JsonValueType(devicejson) == JSON_OBJECT)
+    userJson = DbJson(user->ref);
+    deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
+
+    if (!deviceObj)
    {
-        /* Delete our object */
-        deviceobject = JsonValueAsObject(devicejson);
-        deletedval = HashMapDelete(deviceobject, deviceid);
-        if (!deletedval)
-        {
-            return 0;
-        }
-        JsonValueFree(deletedval);
+        return 0;
    }

-    /* ... and now the token */
-    if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token))
+    /* Delete refresh token, if present */
+    refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
+    if (refreshToken)
+    {
+        DbDelete(db, 3, "tokens", "refresh", refreshToken);
+    }
+
+    /* Delete the device object */
+    deletedVal = HashMapDelete(deviceObj, deviceId);
+    if (!deletedVal)
+    {
+        return 0;
+    }
+    JsonValueFree(deletedVal);
+
+    /* Delete the access token. */
+    if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
    {
        return 0;
    }