forked from lda/telodendria
Also delete refrsh token if present for device.
parent
b60cac53e5
commit
d517b66316
2 changed files with 41 additions and 34 deletions
8
TODO.txt
8
TODO.txt
|
@ -16,8 +16,8 @@ Milestone: v0.2.0
|
||||||
[~] User login
|
[~] User login
|
||||||
[x] User manipulation functions (so we don't use the DB directly)
|
[x] User manipulation functions (so we don't use the DB directly)
|
||||||
[x] Refresh tokens
|
[x] Refresh tokens
|
||||||
[~] Logout
|
[x] Logout
|
||||||
[ ] Delete refresh token if present
|
[x] Delete refresh token if present
|
||||||
[ ] Logout all
|
[ ] Logout all
|
||||||
[ ] Login fallback (static HTML page)
|
[ ] Login fallback (static HTML page)
|
||||||
[~] User Interactive
|
[~] User Interactive
|
||||||
|
@ -31,14 +31,14 @@ Milestone: v0.2.0
|
||||||
[ ] Document new User functions
|
[ ] Document new User functions
|
||||||
[ ] Document new JSON functions
|
[ ] Document new JSON functions
|
||||||
|
|
||||||
[~] Refactor usage of StrDuplicate()
|
[x] Refactor usage of StrDuplicate()
|
||||||
- Functions that keep strings do the duplication,
|
- Functions that keep strings do the duplication,
|
||||||
NOT their callers; callers free strings when they are
|
NOT their callers; callers free strings when they are
|
||||||
done with them.
|
done with them.
|
||||||
[x] Remove HashMapGetKey() function
|
[x] Remove HashMapGetKey() function
|
||||||
[x] HashMap
|
[x] HashMap
|
||||||
[x] JsonValueString()
|
[x] JsonValueString()
|
||||||
[ ] Db
|
[x] Db
|
||||||
|
|
||||||
Milestone: v0.3.0
|
Milestone: v0.3.0
|
||||||
-----------------
|
-----------------
|
||||||
|
|
63
src/User.c
63
src/User.c
|
@ -524,19 +524,18 @@ UserAccessTokenFree(UserAccessToken * token)
|
||||||
int
|
int
|
||||||
UserDeleteToken(User * user, char *token)
|
UserDeleteToken(User * user, char *token)
|
||||||
{
|
{
|
||||||
char *username = NULL;
|
char *username;
|
||||||
char *deviceid = NULL;
|
char *deviceId;
|
||||||
|
char *refreshToken;
|
||||||
|
|
||||||
Db *db = NULL;
|
Db *db;
|
||||||
|
DbRef *tokenRef;
|
||||||
|
|
||||||
DbRef *tokenref = NULL;
|
HashMap *tokenJson;
|
||||||
|
HashMap *userJson;
|
||||||
|
HashMap *deviceObj;
|
||||||
|
|
||||||
HashMap *tokenjson = NULL;
|
JsonValue *deletedVal;
|
||||||
HashMap *userjson = NULL;
|
|
||||||
HashMap *deviceobject = NULL;
|
|
||||||
|
|
||||||
JsonValue *devicejson = NULL;
|
|
||||||
JsonValue *deletedval = NULL;
|
|
||||||
|
|
||||||
if (!user || !token)
|
if (!user || !token)
|
||||||
{
|
{
|
||||||
|
@ -551,40 +550,48 @@ UserDeleteToken(User * user, char *token)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If it does, get it's username. */
|
/* If it does, get it's username. */
|
||||||
tokenref = DbLock(db, 3, "tokens", "access", token);
|
tokenRef = DbLock(db, 3, "tokens", "access", token);
|
||||||
|
|
||||||
if (!tokenref)
|
if (!tokenRef)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
tokenjson = DbJson(tokenref);
|
tokenJson = DbJson(tokenRef);
|
||||||
username = JsonValueAsString(HashMapGet(tokenjson, "user"));
|
username = JsonValueAsString(HashMapGet(tokenJson, "user"));
|
||||||
deviceid = JsonValueAsString(HashMapGet(tokenjson, "device"));
|
deviceId = JsonValueAsString(HashMapGet(tokenJson, "device"));
|
||||||
|
|
||||||
if (strcmp(username, UserGetName(user)) != 0)
|
if (strcmp(username, UserGetName(user)) != 0)
|
||||||
{
|
{
|
||||||
/* Token does not match user, do not delete it */
|
/* Token does not match user, do not delete it */
|
||||||
DbUnlock(db, tokenref);
|
DbUnlock(db, tokenRef);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Now delete it from the user */
|
userJson = DbJson(user->ref);
|
||||||
userjson = DbJson(user->ref);
|
deviceObj = JsonValueAsObject(HashMapGet(userJson, "devices"));
|
||||||
devicejson = HashMapGet(userjson, "devices");
|
|
||||||
if (JsonValueType(devicejson) == JSON_OBJECT)
|
if (!deviceObj)
|
||||||
{
|
|
||||||
/* Delete our object */
|
|
||||||
deviceobject = JsonValueAsObject(devicejson);
|
|
||||||
deletedval = HashMapDelete(deviceobject, deviceid);
|
|
||||||
if (!deletedval)
|
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
JsonValueFree(deletedval);
|
|
||||||
|
/* Delete refresh token, if present */
|
||||||
|
refreshToken = JsonValueAsString(JsonGet(deviceObj, 2, deviceId, "refreshToken"));
|
||||||
|
if (refreshToken)
|
||||||
|
{
|
||||||
|
DbDelete(db, 3, "tokens", "refresh", refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ... and now the token */
|
/* Delete the device object */
|
||||||
if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token))
|
deletedVal = HashMapDelete(deviceObj, deviceId);
|
||||||
|
if (!deletedVal)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
JsonValueFree(deletedVal);
|
||||||
|
|
||||||
|
/* Delete the access token. */
|
||||||
|
if (!DbUnlock(db, tokenRef) || !DbDelete(db, 3, "tokens", "access", token))
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
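Review bot: The two early `return 0;` paths in the second hunk (`if (!deviceObj)` and `if (!deletedVal)`) return with `tokenRef` still locked and without reaching the access-token delete, so a logout against a user record whose `devices` entry is missing or malformed fails and leaves the access token in the store; before this change a non-object `devices` value skipped the device cleanup but still went on to delete the token. Each of those branches should call `DbUnlock(db, tokenRef);` before returning, as the username-mismatch branch above them already does. The result of `DbDelete(db, 3, "tokens", "refresh", refreshToken)` is discarded although the access-token `DbDelete` a few lines later is checked, so a failed delete would leave a refresh token behind after logout; test it the same way, or state in the comment that the delete is best effort. `username` and `deviceId` are taken from the token JSON and reach `strcmp` and `JsonGet` without a NULL check, which matters if a stored token record can lack either field. The body of UserDeleteToken starts before and continues past these hunks, so the assignment of `db` (whose `= NULL` initialiser was removed) and the final return are not visible here.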