mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-26 11:43:59 -05:00
private: removes collision check for tokens
this seems very unnecessary as the chance of this is 1 / 2^512 Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
parent
97f7128355
commit
324ba71d24
3 changed files with 10 additions and 26 deletions
|
@ -15,7 +15,3 @@ export class ClientError extends Error {
|
|||
export class PermissionError extends Error {
|
||||
name = 'PermissionError';
|
||||
}
|
||||
|
||||
export class RandomnessError extends Error {
|
||||
name = 'RandomnessError';
|
||||
}
|
||||
|
|
|
@ -22,7 +22,7 @@ export class AuthToken {
|
|||
@CreateDateColumn()
|
||||
createdAt: Date;
|
||||
|
||||
@Column()
|
||||
@Column({ unique: true })
|
||||
accessToken: string;
|
||||
|
||||
public static create(
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
import { Injectable } from '@nestjs/common';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { NotInDBError, RandomnessError } from '../errors/errors';
|
||||
import { NotInDBError } from '../errors/errors';
|
||||
import { ConsoleLoggerService } from '../logger/console-logger.service';
|
||||
import { UserInfoDto } from './user-info.dto';
|
||||
import { User } from './user.entity';
|
||||
|
@ -38,26 +38,14 @@ export class UsersService {
|
|||
identifier: string,
|
||||
): Promise<AuthToken> {
|
||||
const user = await this.getUserByUsername(userName);
|
||||
let accessToken = '';
|
||||
let randomString = '';
|
||||
for (let i = 0; i < 100; i++) {
|
||||
try {
|
||||
randomString = crypt.randomBytes(64).toString("base64");
|
||||
accessToken = await this.hashPassword(randomString);
|
||||
await this.getUserByAuthToken(accessToken);
|
||||
} catch (NotInDBError) {
|
||||
const randomString = crypt.randomBytes(64).toString('base64');
|
||||
const accessToken = await this.hashPassword(randomString);
|
||||
const token = AuthToken.create(user, identifier, accessToken);
|
||||
const createdToken = this.authTokenRepository.save(token);
|
||||
return {
|
||||
accessToken: randomString,
|
||||
...createdToken
|
||||
}
|
||||
}
|
||||
}
|
||||
// This should never happen
|
||||
throw new RandomnessError(
|
||||
'Your machine is not able to generate not-in-use tokens. This should never happen.',
|
||||
);
|
||||
...createdToken,
|
||||
};
|
||||
}
|
||||
|
||||
async deleteUser(userName: string) {
|
||||
|
|
Loading…
Reference in a new issue