private: Add until to token creation
Signed-off-by: Philip Molares <philip.molares@udo.edu>
parent
e8cdbdd677
commit
9a65a9bd29
3 changed files with 20 additions and 8 deletions
|
@ -37,12 +37,14 @@ export class TokensController {
|
||||||
|
|
||||||
@Post()
|
@Post()
|
||||||
async postTokenRequest(
|
async postTokenRequest(
|
||||||
@Body() label: string,
|
@Body('label') label: string,
|
||||||
|
@Body('until') until: number,
|
||||||
): Promise<AuthTokenWithSecretDto> {
|
): Promise<AuthTokenWithSecretDto> {
|
||||||
// ToDo: Get real userName
|
// ToDo: Get real userName
|
||||||
const authToken = await this.usersService.createTokenForUser(
|
const authToken = await this.usersService.createTokenForUser(
|
||||||
'hardcoded',
|
'hardcoded',
|
||||||
label,
|
label,
|
||||||
|
until,
|
||||||
);
|
);
|
||||||
return this.usersService.toAuthTokenWithSecretDto(authToken);
|
return this.usersService.toAuthTokenWithSecretDto(authToken);
|
||||||
}
|
}
|
||||||
|
|
|
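Review bot: `until` in `postTokenRequest` is handed to `createTokenForUser` with no runtime validation; the `number` annotation on `@Body('until')` is erased at compile time, so a missing field, a string, or a timestamp in the past or arbitrarily far in the future is accepted as the token's expiry. If the field is mandatory, parse it at the boundary, e.g. `@Body('until', ParseIntPipe) until: number,`, and reject values that are not in the future or that exceed a maximum token lifetime before calling the service. `label` is in the same position: it becomes the stored token identifier without a type or length check. A small request DTO validated by the application's validation pipe would cover both fields in one place.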
@ -6,7 +6,6 @@
|
||||||
|
|
||||||
import { Column, CreateDateColumn, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
|
import { Column, CreateDateColumn, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
|
||||||
import { User } from './user.entity';
|
import { User } from './user.entity';
|
||||||
import { Type } from 'class-transformer';
|
|
||||||
|
|
||||||
@Entity()
|
@Entity()
|
||||||
export class AuthToken {
|
export class AuthToken {
|
||||||
|
@ -25,16 +24,21 @@ export class AuthToken {
|
||||||
@Column({ unique: true })
|
@Column({ unique: true })
|
||||||
accessToken: string;
|
accessToken: string;
|
||||||
|
|
||||||
|
@Column({ type: 'date' })
|
||||||
|
validUntil: Date;
|
||||||
|
|
||||||
public static create(
|
public static create(
|
||||||
user: User,
|
user: User,
|
||||||
identifier: string,
|
identifier: string,
|
||||||
accessToken: string,
|
accessToken: string,
|
||||||
|
validUntil: Date,
|
||||||
): Pick<AuthToken, 'user' | 'accessToken'> {
|
): Pick<AuthToken, 'user' | 'accessToken'> {
|
||||||
const newToken = new AuthToken();
|
const newToken = new AuthToken();
|
||||||
newToken.user = user;
|
newToken.user = user;
|
||||||
newToken.identifier = identifier;
|
newToken.identifier = identifier;
|
||||||
newToken.accessToken = accessToken;
|
newToken.accessToken = accessToken;
|
||||||
newToken.createdAt = new Date();
|
newToken.createdAt = new Date();
|
||||||
|
newToken.validUntil = validUntil;
|
||||||
return newToken;
|
return newToken;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
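Review bot: `@Column({ type: 'date' })` on `validUntil` stores a calendar date only, so the millisecond timestamp the service passes in as `new Date(until)` loses its time of day and the moment the token expires becomes ambiguous (start or end of that day, and in which time zone). TypeORM also, as far as I know, hydrates `date` columns as strings rather than `Date` objects, which would make a later comparison against `new Date()` unreliable; this is worth confirming against the database drivers in use. A date-and-time column type keeps the expiry exact. The return type of `create` is unchanged; widening it to `Pick<AuthToken, 'user' | 'accessToken' | 'validUntil'>` would let the compiler check callers against the new field. The class body begins outside the second hunk.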
@ -12,7 +12,7 @@ import { ConsoleLoggerService } from '../logger/console-logger.service';
|
||||||
import { UserInfoDto } from './user-info.dto';
|
import { UserInfoDto } from './user-info.dto';
|
||||||
import { User } from './user.entity';
|
import { User } from './user.entity';
|
||||||
import { AuthToken } from './auth-token.entity';
|
import { AuthToken } from './auth-token.entity';
|
||||||
import { hash } from 'bcrypt'
|
import { hash, compare } from 'bcrypt'
|
||||||
import crypt from 'crypto';
|
import crypt from 'crypto';
|
||||||
import { AuthTokenDto } from './auth-token.dto';
|
import { AuthTokenDto } from './auth-token.dto';
|
||||||
import { AuthTokenWithSecretDto } from './auth-token-with-secret.dto';
|
import { AuthTokenWithSecretDto } from './auth-token-with-secret.dto';
|
||||||
|
@ -36,12 +36,13 @@ export class UsersService {
|
||||||
async createTokenForUser(
|
async createTokenForUser(
|
||||||
userName: string,
|
userName: string,
|
||||||
identifier: string,
|
identifier: string,
|
||||||
|
until: number,
|
||||||
): Promise<AuthToken> {
|
): Promise<AuthToken> {
|
||||||
const user = await this.getUserByUsername(userName);
|
const user = await this.getUserByUsername(userName);
|
||||||
const randomString = crypt.randomBytes(64).toString('base64');
|
const randomString = crypt.randomBytes(64).toString('base64url');
|
||||||
const accessToken = await this.hashPassword(randomString);
|
const accessToken = await this.hashPassword(randomString);
|
||||||
const token = AuthToken.create(user, identifier, accessToken);
|
const token = AuthToken.create(user, identifier, accessToken, new Date(until));
|
||||||
const createdToken = this.authTokenRepository.save(token);
|
const createdToken = await this.authTokenRepository.save(token);
|
||||||
return {
|
return {
|
||||||
accessToken: randomString,
|
accessToken: randomString,
|
||||||
...createdToken,
|
...createdToken,
|
||||||
|
@ -66,9 +67,14 @@ export class UsersService {
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
async hashPassword(password: string): Promise<string> {
|
async hashPassword(cleartext: string): Promise<string> {
|
||||||
// hash the password with bcrypt and 2^16 iterations
|
// hash the password with bcrypt and 2^16 iterations
|
||||||
return hash(password, 16)
|
return hash(cleartext, 16)
|
||||||
|
}
|
||||||
|
|
||||||
|
async checkPassword(cleartext: string, password: string): Promise<boolean> {
|
||||||
|
// hash the password with bcrypt and 2^16 iterations
|
||||||
|
return compare(cleartext, password)
|
||||||
}
|
}
|
||||||
|
|
||||||
async getUserByAuthToken(token: string): Promise<User> {
|
async getUserByAuthToken(token: string): Promise<User> {
|
||||||
|
|
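Review bot: In `createTokenForUser`, now that `save()` is awaited, `...createdToken` spreads the saved entity after `accessToken: randomString`, so the entity's `accessToken` (the bcrypt hash) overwrites the secret in the returned object; before this commit the spread was over an unresolved promise and contributed nothing. Unless a later property in the object literal, which continues outside the hunk, sets it again, the caller receives the stored hash instead of the one-time secret, and the hash leaves the service. Swapping the order restores the intent: `...createdToken,` followed by `accessToken: randomString,`. Separately, the comment on `checkPassword` is copied from `hashPassword`; `// compare the cleartext against the stored bcrypt hash` describes what it does, and naming the second parameter something like `storedHash` would stop it reading as a password.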