diff --git a/TODO.txt b/TODO.txt index 8540f4a..3b83bcb 100644 --- a/TODO.txt +++ b/TODO.txt @@ -16,8 +16,8 @@ Milestone: v0.2.0 [~] User login [x] User manipulation functions (so we don't use the DB directly) [x] Refresh tokens - [~] Logout - [ ] Delete refresh token if present + [x] Logout + [x] Delete refresh token if present [ ] Logout all [ ] Login fallback (static HTML page) [~] User Interactive @@ -31,14 +31,14 @@ Milestone: v0.2.0 [ ] Document new User functions [ ] Document new JSON functions -[~] Refactor usage of StrDuplicate() +[x] Refactor usage of StrDuplicate() - Functions that keep strings do the duplication, NOT their callers; callers free strings when they are done with them. [x] Remove HashMapGetKey() function [x] HashMap [x] JsonValueString() - [ ] Db + [x] Db Milestone: v0.3.0 ----------------- diff --git a/src/User.c b/src/User.c index b86d837..7bb9010 100644 --- a/src/User.c +++ b/src/User.c @@ -524,19 +524,18 @@ UserAccessTokenFree(UserAccessToken * token) int UserDeleteToken(User * user, char *token) { - char *username = NULL; - char *deviceid = NULL; + char *username; + char *deviceId; + char *refreshToken; - Db *db = NULL; + Db *db; + DbRef *tokenRef; - DbRef *tokenref = NULL; + HashMap *tokenJson; + HashMap *userJson; + HashMap *deviceObj; - HashMap *tokenjson = NULL; - HashMap *userjson = NULL; - HashMap *deviceobject = NULL; - - JsonValue *devicejson = NULL; - JsonValue *deletedval = NULL; + JsonValue *deletedVal; if (!user || !token) { 
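Review bot: The rewritten declarations at the top of `UserDeleteToken` in src/User.c drop every `= NULL` initializer, so `username`, `deviceId`, `refreshToken`, `db`, `tokenRef` and the `HashMap`/`JsonValue` pointers are indeterminate until first assigned. Nothing visible reads one of them early, but the assignment of `db` lies outside the lines shown here. The function also has several early `return 0;` paths, where any shared cleanup code would need to test these pointers. I would keep the initializers, e.g. `DbRef *tokenRef = NULL;` and `char *refreshToken = NULL;`, and limit this hunk to the camelCase rename. The function body continues past the end of this hunk.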
@@ -551,40 +550,48 @@ UserDeleteToken(User * user, char *token)
 }
 /* If it does, get it's username. */
- tokenref = DbLock(db, 3, "tokens", "access", token);
+ tokenRef = DbLock(db, 3, "tokens", "access", token);
- if (!tokenref)
+ if (!tokenRef)
 {
 return 0;
 }
- tokenjson = DbJson(tokenref);
- username = JsonValueAsString(HashMapGet(tokenjson, "user"));
- deviceid = JsonValueAsString(HashMapGet(tokenjson, "device"));
+ tokenJson = DbJson(tokenRef);
+ username = JsonValueAsString(HashMapGet(tokenJson, "user"));
+ deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));
 if (strcmp(username, UserGetName(user)) != 0)
 {
 /* Token does not match user, do not delete it */
- DbUnlock(db, tokenref);
+ DbUnlock(db, tokenRef);
 return 0;
 }
- /* Now delete it from the user */
- userjson = DbJson(user->ref);
- devicejson = HashMapGet(userjson, "devices");
- if (JsonValueType(devicejson) == JSON_OBJECT)
+ userJson = DbJson(user->ref);
+ deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
+
+ if (!deviceObj)
 {
- /* Delete our object */
- deviceobject = JsonValueAsObject(devicejson);
- deletedval = HashMapDelete(deviceobject, deviceid);
- if (!deletedval)
- {
- return 0;
- }
- JsonValueFree(deletedval);
+ return 0;
 }
- /* ... and now the token */
- if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token))
+ /* Delete refresh token, if present */
+ refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
+ if (refreshToken)
+ {
+ DbDelete(db, 3, "tokens", "refresh", refreshToken);
+ }
+
+ /* Delete the device object */
+ deletedVal = HashMapDelete(deviceObj, deviceId);
+ if (!deletedVal)
+ {
+ return 0;
+ }
+ JsonValueFree(deletedVal);
+
+ /* Delete the access token. */
+ if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
 {
 return 0;
 }
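Review bot: The new `if (!deviceObj)` and `if (!deletedVal)` branches return 0 while `tokenRef` is still locked; only the user-mismatch branch calls `DbUnlock(db, tokenRef)` before returning. Add `DbUnlock(db, tokenRef);` ahead of `return 0;` in both branches so a failed logout does not leave the access-token record locked. The result of `DbDelete(db, 3, "tokens", "refresh", refreshToken)` is also discarded, so the function can carry on toward a successful logout while the refresh token is still stored and, presumably, still redeemable. Test it, e.g. `if (refreshToken && !DbDelete(db, 3, "tokens", "refresh", refreshToken))`, and fail the call after unlocking. `UserDeleteToken` starts before this hunk and continues after it.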