github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-26 03:33:58 -05:00
Code Issues Projects Releases Packages Wiki Activity

private: removes collision check for tokens

Browse source 
this seems very unnecessary as the chance of this is 1 / 2^512

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-17 20:35:43 +01:00 committed by David Mehren
parent 97f7128355
commit 324ba71d24
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
3 changed files with 10 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/errors/errors.ts
View file

@ -15,7 +15,3 @@ export class ClientError extends Error {
export class PermissionError extends Error {
name = 'PermissionError';
}
export class RandomnessError extends Error {
name = 'RandomnessError';
}

2
src/users/auth-token.entity.ts
View file

@ -22,7 +22,7 @@ export class AuthToken {
@CreateDateColumn()
createdAt: Date;
@Column()
@Column({ unique: true })
accessToken: string;
public static create(

30
src/users/users.service.ts
View file

@ -7,7 +7,7 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { NotInDBError, RandomnessError } from '../errors/errors';
import { NotInDBError } from '../errors/errors';
import { ConsoleLoggerService } from '../logger/console-logger.service';
import { UserInfoDto } from './user-info.dto';
import { User } from './user.entity';
@ -38,26 +38,14 @@ export class UsersService {
identifier: string,
): Promise<AuthToken> {
const user = await this.getUserByUsername(userName);
let accessToken = '';
let randomString = '';
for (let i = 0; i < 100; i++) {
try {
randomString = crypt.randomBytes(64).toString("base64");
accessToken = await this.hashPassword(randomString);
await this.getUserByAuthToken(accessToken);
} catch (NotInDBError) {
const token = AuthToken.create(user, identifier, accessToken);
const createdToken = this.authTokenRepository.save(token);
return {
accessToken: randomString,
...createdToken
}
}
}
// This should never happen
throw new RandomnessError(
'Your machine is not able to generate not-in-use tokens. This should never happen.',
);
const randomString = crypt.randomBytes(64).toString('base64');
const accessToken = await this.hashPassword(randomString);
const token = AuthToken.create(user, identifier, accessToken);
const createdToken = this.authTokenRepository.save(token);
return {
accessToken: randomString,
...createdToken,
};
}
async deleteUser(userName: string) {