Oops, forgot to have verification tokens expire
parent
b86687a0c5
commit
f244dab036
3 changed files with 27 additions and 5 deletions
|
@ -440,9 +440,9 @@ func TestUpdateVerifyAccountSuccess(t *testing.T) {
|
||||||
defer StoreTestCleanup(sqliteTmpFile)
|
defer StoreTestCleanup(sqliteTmpFile)
|
||||||
|
|
||||||
verifyTokenString := auth.VerifyTokenString("abcd1234abcd1234abcd1234abcd1234")
|
verifyTokenString := auth.VerifyTokenString("abcd1234abcd1234abcd1234abcd1234")
|
||||||
time1 := time.Time{}
|
verifyExpiration := time.Now().Add(time.Second * 10).UTC() // expires in one second
|
||||||
|
|
||||||
_, email, password, createdSeed := makeTestUser(t, &s, &verifyTokenString, &time1)
|
_, email, password, createdSeed := makeTestUser(t, &s, &verifyTokenString, &verifyExpiration)
|
||||||
|
|
||||||
// we're not testing normalization features so we'll just use this here
|
// we're not testing normalization features so we'll just use this here
|
||||||
normEmail := email.Normalize()
|
normEmail := email.Normalize()
|
||||||
|
@ -462,3 +462,23 @@ func TestStoreVerifyAccountTokenNotExists(t *testing.T) {
|
||||||
t.Fatalf(`VerifyAccount error for nonexistant token: wanted "%+v", got "%+v."`, ErrNoTokenForUser, err)
|
t.Fatalf(`VerifyAccount error for nonexistant token: wanted "%+v", got "%+v."`, ErrNoTokenForUser, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Test VerifyAccount for expired token
|
||||||
|
func TestUpdateVerifyAccountTokenExpired(t *testing.T) {
|
||||||
|
s, sqliteTmpFile := StoreTestInit(t)
|
||||||
|
defer StoreTestCleanup(sqliteTmpFile)
|
||||||
|
|
||||||
|
verifyTokenString := auth.VerifyTokenString("abcd1234abcd1234abcd1234abcd1234")
|
||||||
|
verifyExpiration := time.Now().Add(time.Second * (-1)).UTC() // expired one second ago
|
||||||
|
|
||||||
|
_, email, password, createdSeed := makeTestUser(t, &s, &verifyTokenString, &verifyExpiration)
|
||||||
|
|
||||||
|
// we're not testing normalization features so we'll just use this here
|
||||||
|
normEmail := email.Normalize()
|
||||||
|
|
||||||
|
if err := s.VerifyAccount(verifyTokenString); err != ErrNoTokenForUser {
|
||||||
|
t.Fatalf(`VerifyAccount error for expired token: wanted "%+v", got "%+v."`, ErrNoTokenForUser, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
expectAccountMatch(t, &s, normEmail, email, password, createdSeed, &verifyTokenString, &verifyExpiration, time.Now().UTC(), time.Now().UTC())
|
||||||
|
}
|
||||||
|
|
|
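Review bot: The trailing comment on the new `verifyExpiration` line in TestUpdateVerifyAccountSuccess does not match the code: it says `// expires in one second`, but the expression is `time.Now().Add(time.Second * 10)`, so the token stays valid for ten seconds. Either change the comment to `// expires in ten seconds` or drop the multiplier if one second was intended. A reader checking how much slack the success path has against the new expiry check will otherwise take the wrong number from the comment. The test function starts before and continues after the hunk.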
@ -310,7 +310,7 @@ func TestStoreGetToken(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update the token to be expired
|
// Update the token to be expired
|
||||||
expirationOld := time.Now().Add(time.Second * (-1))
|
expirationOld := time.Now().Add(time.Second * (-1)).UTC()
|
||||||
if err := s.updateToken(&authToken, expirationOld); err != nil {
|
if err := s.updateToken(&authToken, expirationOld); err != nil {
|
||||||
t.Fatalf("Unexpected error in updateToken: %+v", err)
|
t.Fatalf("Unexpected error in updateToken: %+v", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -464,9 +464,11 @@ func (s *Store) UpdateVerifyTokenString(email auth.Email, verifyTokenString auth
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Store) VerifyAccount(verifyTokenString auth.VerifyTokenString) (err error) {
|
func (s *Store) VerifyAccount(verifyTokenString auth.VerifyTokenString) (err error) {
|
||||||
|
expirationCutoff := time.Now().UTC()
|
||||||
|
|
||||||
res, err := s.db.Exec(
|
res, err := s.db.Exec(
|
||||||
"UPDATE accounts SET verify_token=null, verify_expiration=null, updated=datetime('now') WHERE verify_token=?",
|
"UPDATE accounts SET verify_token=null, verify_expiration=null, updated=datetime('now') WHERE verify_token=? AND verify_expiration>?",
|
||||||
verifyTokenString,
|
verifyTokenString, expirationCutoff,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
|
|
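Review bot: The new `verify_expiration>?` condition in VerifyAccount is only as reliable as the way `verify_expiration` was written, and nothing in this hunk records that requirement. The tests show a SQLite-backed store, and if the driver binds `time.Time` as text the comparison is lexical, so a value saved with a non-UTC offset could be accepted after it has expired or rejected early; the `.UTC()` added to `expirationOld` in TestStoreGetToken suggests the same sensitivity exists for auth tokens. I would add a comment above the cutoff such as `// verify_expiration must be stored in UTC, in the same representation as expirationCutoff` and normalise with `.UTC()` where the value is written (presumably UpdateVerifyTokenString and account creation, both outside this hunk). An expired token also stays in the row because the UPDATE matches nothing, which the new test's `expectAccountMatch` call confirms; say in a comment whether that is intended. VerifyAccount's body continues past the end of the hunk.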