github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-02-15 13:41:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

private: removes collision check for tokens

Browse source 
this seems very unnecessary as the chance of this is 1 / 2^512

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-17 20:35:43 +01:00
parent 0a1c3426c0
commit e8cdbdd677
3 changed files with 10 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/errors/errors.ts
View file

@ -15,7 +15,3 @@ export class ClientError extends Error {
export class PermissionError extends Error { export class PermissionError extends Error {
name = 'PermissionError'; name = 'PermissionError';
} }
export class RandomnessError extends Error {
name = 'RandomnessError';
}

2
src/users/auth-token.entity.ts
View file

@ -22,7 +22,7 @@ export class AuthToken {
@CreateDateColumn() @CreateDateColumn()
createdAt: Date; createdAt: Date;
@Column() @Column({ unique: true })
accessToken: string; accessToken: string;
public static create( public static create(

30
src/users/users.service.ts
View file

@ -7,7 +7,7 @@
import { Injectable } from '@nestjs/common'; import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm'; import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm'; import { Repository } from 'typeorm';
import { NotInDBError, RandomnessError } from '../errors/errors'; import { NotInDBError } from '../errors/errors';
import { ConsoleLoggerService } from '../logger/console-logger.service'; import { ConsoleLoggerService } from '../logger/console-logger.service';
import { UserInfoDto } from './user-info.dto'; import { UserInfoDto } from './user-info.dto';
import { User } from './user.entity'; import { User } from './user.entity';
@ -38,26 +38,14 @@ export class UsersService {
identifier: string, identifier: string,
): Promise<AuthToken> { ): Promise<AuthToken> {
const user = await this.getUserByUsername(userName); const user = await this.getUserByUsername(userName);
let accessToken = ''; const randomString = crypt.randomBytes(64).toString('base64');
let randomString = ''; const accessToken = await this.hashPassword(randomString);
for (let i = 0; i < 100; i++) { const token = AuthToken.create(user, identifier, accessToken);
try { const createdToken = this.authTokenRepository.save(token);
randomString = crypt.randomBytes(64).toString("base64"); return {
accessToken = await this.hashPassword(randomString); accessToken: randomString,
await this.getUserByAuthToken(accessToken); ...createdToken,
} catch (NotInDBError) { };
const token = AuthToken.create(user, identifier, accessToken);
const createdToken = this.authTokenRepository.save(token);
return {
accessToken: randomString,
...createdToken
}
}
}
// This should never happen
throw new RandomnessError(
'Your machine is not able to generate not-in-use tokens. This should never happen.',
);
} }
async deleteUser(userName: string) { async deleteUser(userName: string) {