lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: database constraint on auth_tokens

Browse source
This commit is contained in:
Sérgio Salgado 2021-04-07 02:16:16 +01:00 committed by Josh Harvey
parent 9b5cf32314
commit 3f6c0e6037
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/users.js
View file

@ -86,7 +86,7 @@ function reset2FASecret (token, id, secret) {
return db.tx(t => { return db.tx(t => {
const q1 = t.none('UPDATE users SET twofa_code=$1 WHERE id=$2', [secret, id]) const q1 = t.none('UPDATE users SET twofa_code=$1 WHERE id=$2', [secret, id])
const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id]) const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_password'`, [token]) const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_twofa'`, [token])
return t.batch([q1, q2, q3]) return t.batch([q1, q2, q3])
}) })
}) })
@ -94,7 +94,7 @@ function reset2FASecret (token, id, secret) {
function createReset2FAToken (userID) { function createReset2FAToken (userID) {
const token = crypto.randomBytes(32).toString('hex') const token = crypto.randomBytes(32).toString('hex')
const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_twofa', $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *` const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_twofa', $2) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, userID]) return db.one(sql, [token, userID])
} }
@ -123,7 +123,7 @@ function updatePassword (token, id, password) {
function createResetPasswordToken (userID) { function createResetPasswordToken (userID) {
const token = crypto.randomBytes(32).toString('hex') const token = crypto.randomBytes(32).toString('hex')
const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_password', $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *` const sql = `INSERT INTO auth_tokens (token, type, user_id) VALUES ($1, 'reset_password', $2) ON CONFLICT (user_id, type) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, userID]) return db.one(sql, [token, userID])
} }

5
migrations/1605181184453-users.js
View file

@ -25,8 +25,9 @@ exports.up = function (next) {
`CREATE TABLE auth_tokens ( `CREATE TABLE auth_tokens (
token TEXT NOT NULL PRIMARY KEY, token TEXT NOT NULL PRIMARY KEY,
type auth_token_type NOT NULL, type auth_token_type NOT NULL,
user_id UUID REFERENCES users(id) ON DELETE CASCADE UNIQUE, user_id UUID REFERENCES users(id) ON DELETE CASCADE,
expire TIMESTAMPTZ NOT NULL DEFAULT now() + interval '30 minutes' expire TIMESTAMPTZ NOT NULL DEFAULT now() + interval '30 minutes',
CONSTRAINT unique_userid_type UNIQUE (user_id, type)
)`, )`,
`CREATE TABLE user_register_tokens ( `CREATE TABLE user_register_tokens (
token TEXT NOT NULL PRIMARY KEY, token TEXT NOT NULL PRIMARY KEY,