forked from lda/telodendria
Also delete refrsh token if present for device.
This commit is contained in:
parent
b60cac53e5
commit
d517b66316
2 changed files with 41 additions and 34 deletions
8
TODO.txt
8
TODO.txt
|
@ -16,8 +16,8 @@ Milestone: v0.2.0
|
|||
[~] User login
|
||||
[x] User manipulation functions (so we don't use the DB directly)
|
||||
[x] Refresh tokens
|
||||
[~] Logout
|
||||
[ ] Delete refresh token if present
|
||||
[x] Logout
|
||||
[x] Delete refresh token if present
|
||||
[ ] Logout all
|
||||
[ ] Login fallback (static HTML page)
|
||||
[~] User Interactive
|
||||
|
@ -31,14 +31,14 @@ Milestone: v0.2.0
|
|||
[ ] Document new User functions
|
||||
[ ] Document new JSON functions
|
||||
|
||||
[~] Refactor usage of StrDuplicate()
|
||||
[x] Refactor usage of StrDuplicate()
|
||||
- Functions that keep strings do the duplication,
|
||||
NOT their callers; callers free strings when they are
|
||||
done with them.
|
||||
[x] Remove HashMapGetKey() function
|
||||
[x] HashMap
|
||||
[x] JsonValueString()
|
||||
[ ] Db
|
||||
[x] Db
|
||||
|
||||
Milestone: v0.3.0
|
||||
-----------------
|
||||
|
|
67
src/User.c
67
src/User.c
|
@ -524,19 +524,18 @@ UserAccessTokenFree(UserAccessToken * token)
|
|||
int
|
||||
UserDeleteToken(User * user, char *token)
|
||||
{
|
||||
char *username = NULL;
|
||||
char *deviceid = NULL;
|
||||
char *username;
|
||||
char *deviceId;
|
||||
char *refreshToken;
|
||||
|
||||
Db *db = NULL;
|
||||
Db *db;
|
||||
DbRef *tokenRef;
|
||||
|
||||
DbRef *tokenref = NULL;
|
||||
HashMap *tokenJson;
|
||||
HashMap *userJson;
|
||||
HashMap *deviceObj;
|
||||
|
||||
HashMap *tokenjson = NULL;
|
||||
HashMap *userjson = NULL;
|
||||
HashMap *deviceobject = NULL;
|
||||
|
||||
JsonValue *devicejson = NULL;
|
||||
JsonValue *deletedval = NULL;
|
||||
JsonValue *deletedVal;
|
||||
|
||||
if (!user || !token)
|
||||
{
|
||||
|
@ -551,40 +550,48 @@ UserDeleteToken(User * user, char *token)
|
|||
}
|
||||
|
||||
/* If it does, get it's username. */
|
||||
tokenref = DbLock(db, 3, "tokens", "access", token);
|
||||
tokenRef = DbLock(db, 3, "tokens", "access", token);
|
||||
|
||||
if (!tokenref)
|
||||
if (!tokenRef)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
tokenjson = DbJson(tokenref);
|
||||
username = JsonValueAsString(HashMapGet(tokenjson, "user"));
|
||||
deviceid = JsonValueAsString(HashMapGet(tokenjson, "device"));
|
||||
tokenJson = DbJson(tokenRef);
|
||||
username = JsonValueAsString(HashMapGet(tokenJson, "user"));
|
||||
deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));
|
||||
|
||||
if (strcmp(username, UserGetName(user)) != 0)
|
||||
{
|
||||
/* Token does not match user, do not delete it */
|
||||
DbUnlock(db, tokenref);
|
||||
DbUnlock(db, tokenRef);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Now delete it from the user */
|
||||
userjson = DbJson(user->ref);
|
||||
devicejson = HashMapGet(userjson, "devices");
|
||||
if (JsonValueType(devicejson) == JSON_OBJECT)
|
||||
userJson = DbJson(user->ref);
|
||||
deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
|
||||
|
||||
if (!deviceObj)
|
||||
{
|
||||
/* Delete our object */
|
||||
deviceobject = JsonValueAsObject(devicejson);
|
||||
deletedval = HashMapDelete(deviceobject, deviceid);
|
||||
if (!deletedval)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
JsonValueFree(deletedval);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* ... and now the token */
|
||||
if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token))
|
||||
/* Delete refresh token, if present */
|
||||
refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
|
||||
if (refreshToken)
|
||||
{
|
||||
DbDelete(db, 3, "tokens", "refresh", refreshToken);
|
||||
}
|
||||
|
||||
/* Delete the device object */
|
||||
deletedVal = HashMapDelete(deviceObj, deviceId);
|
||||
if (!deletedVal)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
JsonValueFree(deletedVal);
|
||||
|
||||
/* Delete the access token. */
|
||||
if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue