private: Add until to token creation
Signed-off-by: Philip Molares <philip.molares@udo.edu>
parent
e8cdbdd677
commit
9a65a9bd29
3 changed files with 20 additions and 8 deletions
|
@ -37,12 +37,14 @@ export class TokensController {
|
|||
|
||||
@Post()
|
||||
async postTokenRequest(
|
||||
@Body() label: string,
|
||||
@Body('label') label: string,
|
||||
@Body('until') until: number,
|
||||
): Promise<AuthTokenWithSecretDto> {
|
||||
// ToDo: Get real userName
|
||||
const authToken = await this.usersService.createTokenForUser(
|
||||
'hardcoded',
|
||||
label,
|
||||
until,
|
||||
);
|
||||
return this.usersService.toAuthTokenWithSecretDto(authToken);
|
||||
}
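Review bot: `until` arrives from the request body in `postTokenRequest` and is passed to `createTokenForUser` with no runtime validation. The `number` annotation is erased at compile time, so a missing, non-numeric, past or arbitrarily far-future value all reach `new Date(until)` in the service. A missing value produces an Invalid Date, and a far-future one yields a token that effectively never expires. I would reject bad input in the controller, e.g. `if (!Number.isFinite(until) || until <= Date.now()) throw new BadRequestException('until must be a future timestamp in ms');` (with `BadRequestException` from `@nestjs/common`), and cap the lifetime at a configured maximum. The API description should also state that `until` is epoch milliseconds.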
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
|
||||
import { Column, CreateDateColumn, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
|
||||
import { User } from './user.entity';
|
||||
import { Type } from 'class-transformer';
|
||||
|
||||
@Entity()
|
||||
export class AuthToken {
|
||||
|
@ -25,16 +24,21 @@ export class AuthToken {
|
|||
@Column({ unique: true })
|
||||
accessToken: string;
|
||||
|
||||
@Column({ type: 'date' })
|
||||
validUntil: Date;
|
||||
|
||||
public static create(
|
||||
user: User,
|
||||
identifier: string,
|
||||
accessToken: string,
|
||||
validUntil: Date,
|
||||
): Pick<AuthToken, 'user' | 'accessToken'> {
|
||||
const newToken = new AuthToken();
|
||||
newToken.user = user;
|
||||
newToken.identifier = identifier;
|
||||
newToken.accessToken = accessToken;
|
||||
newToken.createdAt = new Date();
|
||||
newToken.validUntil = validUntil;
|
||||
return newToken;
|
||||
}
|
||||
}
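Review bot: `@Column({ type: 'date' })` on `validUntil` is a date-only column type on the common SQL backends, so the millisecond timestamp the service passes in is likely stored with day precision, and the effective expiry can differ from the requested one by up to a day. A date-time column type supported by the target databases would keep the requested expiry intact. The return type of `create` is still `Pick<AuthToken, 'user' | 'accessToken'>` although the method now also sets `validUntil`; consider `Pick<AuthToken, 'user' | 'accessToken' | 'validUntil'>` so callers can see the expiry. Nothing in the visible hunks reads `validUntil` when a token is presented, so the expiry check presumably still has to be added on the lookup path.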
|
||||
|
|
|
@ -12,7 +12,7 @@ import { ConsoleLoggerService } from '../logger/console-logger.service';
|
|||
import { UserInfoDto } from './user-info.dto';
|
||||
import { User } from './user.entity';
|
||||
import { AuthToken } from './auth-token.entity';
|
||||
import { hash } from 'bcrypt'
|
||||
import { hash, compare } from 'bcrypt'
|
||||
import crypt from 'crypto';
|
||||
import { AuthTokenDto } from './auth-token.dto';
|
||||
import { AuthTokenWithSecretDto } from './auth-token-with-secret.dto';
|
||||
|
@ -36,12 +36,13 @@ export class UsersService {
|
|||
async createTokenForUser(
|
||||
userName: string,
|
||||
identifier: string,
|
||||
until: number,
|
||||
): Promise<AuthToken> {
|
||||
const user = await this.getUserByUsername(userName);
|
||||
const randomString = crypt.randomBytes(64).toString('base64');
|
||||
const randomString = crypt.randomBytes(64).toString('base64url');
|
||||
const accessToken = await this.hashPassword(randomString);
|
||||
const token = AuthToken.create(user, identifier, accessToken);
|
||||
const createdToken = this.authTokenRepository.save(token);
|
||||
const token = AuthToken.create(user, identifier, accessToken, new Date(until));
|
||||
const createdToken = await this.authTokenRepository.save(token);
|
||||
return {
|
||||
accessToken: randomString,
|
||||
...createdToken,
|
||||
|
@ -66,9 +67,14 @@ export class UsersService {
|
|||
return user;
|
||||
}
|
||||
|
||||
async hashPassword(password: string): Promise<string> {
|
||||
async hashPassword(cleartext: string): Promise<string> {
|
||||
// hash the password with bcrypt and 2^16 iterations
|
||||
return hash(password, 16)
|
||||
return hash(cleartext, 16)
|
||||
}
|
||||
|
||||
async checkPassword(cleartext: string, password: string): Promise<boolean> {
|
||||
// hash the password with bcrypt and 2^16 iterations
|
||||
return compare(cleartext, password)
|
||||
}
|
||||
|
||||
async getUserByAuthToken(token: string): Promise<User> {
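Review bot: In `createTokenForUser` the returned literal puts `accessToken: randomString` before `...createdToken`, so the spread overwrites the one-time secret with the stored bcrypt hash now that `save()` is awaited and `createdToken` is the persisted entity. Before this commit the spread was applied to an un-awaited Promise, which contributes no properties, so the ordering problem was masked. The literal is closed beyond the visible lines, but unless a later property resets it the caller never receives the usable token; reorder to `return { ...createdToken, accessToken: randomString };`. Separately, the comment in `checkPassword` is copied from `hashPassword` and should read something like `// compare the cleartext against the stored bcrypt hash`.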
|
||||
|
|