diff --git a/src/api/private/tokens/tokens.controller.ts b/src/api/private/tokens/tokens.controller.ts index 94223172b..da9a81742 100644 --- a/src/api/private/tokens/tokens.controller.ts +++ b/src/api/private/tokens/tokens.controller.ts @@ -51,11 +51,7 @@ export class TokensController { @Body('validUntil') validUntil: TimestampMillis, @RequestUser() user: User, ): Promise { - return await this.authService.createTokenForUser( - user.username, - label, - validUntil, - ); + return await this.authService.createTokenForUser(user, label, validUntil); } @Delete('/:keyId') diff --git a/src/auth/auth.service.spec.ts b/src/auth/auth.service.spec.ts index 99f364165..ccb6db507 100644 --- a/src/auth/auth.service.spec.ts +++ b/src/auth/auth.service.spec.ts @@ -229,10 +229,7 @@ describe('AuthService', () => { describe('works', () => { const identifier = 'testIdentifier'; it('with validUntil 0', async () => { - jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce({ - ...user, - authTokens: [authToken], - }); + jest.spyOn(authTokenRepo, 'find').mockResolvedValueOnce([authToken]); jest .spyOn(authTokenRepo, 'save') .mockImplementationOnce( @@ -241,11 +238,7 @@ describe('AuthService', () => { return authTokenSaved; }, ); - const token = await service.createTokenForUser( - user.username, - identifier, - 0, - ); + const token = await service.createTokenForUser(user, identifier, 0); expect(token.label).toEqual(identifier); expect( token.validUntil.getTime() - @@ -255,10 +248,7 @@ describe('AuthService', () => { expect(token.secret.startsWith(token.keyId)).toBeTruthy(); }); it('with validUntil not 0', async () => { - jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce({ - ...user, - authTokens: [authToken], - }); + jest.spyOn(authTokenRepo, 'find').mockResolvedValueOnce([authToken]); jest .spyOn(authTokenRepo, 'save') .mockImplementationOnce( @@ -269,7 +259,7 @@ describe('AuthService', () => { ); const validUntil = new Date().getTime() + 30000; const token = await service.createTokenForUser( - user.username, + user, identifier, validUntil, ); diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts index 18e1cfdb5..08f0c6e8a 100644 --- a/src/auth/auth.service.ts +++ b/src/auth/auth.service.ts @@ -15,7 +15,6 @@ import { TooManyTokensError, } from '../errors/errors'; import { ConsoleLoggerService } from '../logger/console-logger.service'; -import { UserRelationEnum } from '../users/user-relation.enum'; import { User } from '../users/user.entity'; import { UsersService } from '../users/users.service'; import { @@ -58,13 +57,12 @@ export class AuthService { } async createTokenForUser( - username: string, + user: User, identifier: string, validUntil: TimestampMillis, ): Promise { - const user = await this.usersService.getUserByUsername(username, [ - UserRelationEnum.AUTHTOKENS, - ]); + user.authTokens = await this.getTokensByUser(user); + if (user.authTokens.length >= 200) { // This is a very high ceiling unlikely to hinder legitimate usage, // but should prevent possible attack vectors