overleaf/services/web/app/coffee/Features/Security/OneTimeTokenHandler.coffee

Settings = require('settings-sharelatex')
RedisWrapper = require("../../infrastructure/RedisWrapper")
rclient = RedisWrapper.client("one_time_token")
crypto = require("crypto")
logger = require("logger-sharelatex")

ONE_HOUR_IN_S = 60 * 60

buildKey = (use, token)-> return "#{use}_token:#{token}"

module.exports =

	getNewToken: (use, value, options = {}, callback)->
		# options is optional
		if typeof options == "function"
			callback = options
			options = {}
		expiresIn = options.expiresIn or ONE_HOUR_IN_S
		token = crypto.randomBytes(32).toString("hex")
		logger.log {value, expiresIn, token_start: token.slice(0,8)}, "generating token for #{use}"
		multi = rclient.multi()
		multi.set buildKey(use, token), value
		multi.expire buildKey(use, token), expiresIn
		multi.exec (err)->
			callback(err, token)

	getValueFromTokenAndExpire: (use, token, callback)->
		logger.log token_start: token.slice(0,8), "getting value from #{use} token"
		multi = rclient.multi()
		multi.get buildKey(use, token)
		multi.del buildKey(use, token)
		multi.exec (err, results)->
			callback err, results?[0]
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`Settings = require('settings-sharelatex')`
Move all redis end points to be cluster compatible 2017-05-04 10:22:54 -04:00			`RedisWrapper = require("../../infrastructure/RedisWrapper")`
			`rclient = RedisWrapper.client("one_time_token")`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`crypto = require("crypto")`
added some logging 2014-05-15 13:08:21 -04:00			`logger = require("logger-sharelatex")`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
token based reset works 2014-05-15 12:58:25 -04:00			`ONE_HOUR_IN_S = 60 * 60`

Send out confirmation emails on register and record confirmedAt date 2018-06-19 08:55:34 -04:00			`buildKey = (use, token)-> return "#{use}_token:#{token}"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
			`module.exports =`

Send out confirmation emails on register and record confirmedAt date 2018-06-19 08:55:34 -04:00			`getNewToken: (use, value, options = {}, callback)->`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`# options is optional`
			`if typeof options == "function"`
			`callback = options`
			`options = {}`
			`expiresIn = options.expiresIn or ONE_HOUR_IN_S`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`token = crypto.randomBytes(32).toString("hex")`
Send out confirmation emails on register and record confirmedAt date 2018-06-19 08:55:34 -04:00			`logger.log {value, expiresIn, token_start: token.slice(0,8)}, "generating token for #{use}"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`multi = rclient.multi()`
Send out confirmation emails on register and record confirmedAt date 2018-06-19 08:55:34 -04:00			`multi.set buildKey(use, token), value`
			`multi.expire buildKey(use, token), expiresIn`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`multi.exec (err)->`
			`callback(err, token)`

Send out confirmation emails on register and record confirmedAt date 2018-06-19 08:55:34 -04:00			`getValueFromTokenAndExpire: (use, token, callback)->`
			`logger.log token_start: token.slice(0,8), "getting value from #{use} token"`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`multi = rclient.multi()`
Send out confirmation emails on register and record confirmedAt date 2018-06-19 08:55:34 -04:00			`multi.get buildKey(use, token)`
			`multi.del buildKey(use, token)`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`multi.exec (err, results)->`
add null check to redis return value for getValueFromTokenAndExpire 2016-08-02 10:34:44 -04:00			`callback err, results?[0]`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00