Oops, forgot to have verification tokens expire
This commit is contained in:
Daniel Krol
parent
b86687a0c5
commit
f244dab036
|
|
@ -440,9 +440,9 @@ func TestUpdateVerifyAccountSuccess(t *testing.T) {
|
|||
defer StoreTestCleanup(sqliteTmpFile)
|
||||
|
||||
verifyTokenString := auth.VerifyTokenString("abcd1234abcd1234abcd1234abcd1234")
|
||||
time1 := time.Time{}
|
||||
verifyExpiration := time.Now().Add(time.Second * 10).UTC() // expires in one second
|
||||
|
||||
_, email, password, createdSeed := makeTestUser(t, &s, &verifyTokenString, &time1)
|
||||
_, email, password, createdSeed := makeTestUser(t, &s, &verifyTokenString, &verifyExpiration)
|
||||
|
||||
// we're not testing normalization features so we'll just use this here
|
||||
normEmail := email.Normalize()
|
||||
|
|
@ -462,3 +462,23 @@ func TestStoreVerifyAccountTokenNotExists(t *testing.T) {
|
|||
t.Fatalf(`VerifyAccount error for nonexistant token: wanted "%+v", got "%+v."`, ErrNoTokenForUser, err)
|
||||
}
|
||||
}
|
||||
|
||||
// Test VerifyAccount for expired token
|
||||
func TestUpdateVerifyAccountTokenExpired(t *testing.T) {
|
||||
s, sqliteTmpFile := StoreTestInit(t)
|
||||
defer StoreTestCleanup(sqliteTmpFile)
|
||||
|
||||
verifyTokenString := auth.VerifyTokenString("abcd1234abcd1234abcd1234abcd1234")
|
||||
verifyExpiration := time.Now().Add(time.Second * (-1)).UTC() // expired one second ago
|
||||
|
||||
_, email, password, createdSeed := makeTestUser(t, &s, &verifyTokenString, &verifyExpiration)
|
||||
|
||||
// we're not testing normalization features so we'll just use this here
|
||||
normEmail := email.Normalize()
|
||||
|
||||
if err := s.VerifyAccount(verifyTokenString); err != ErrNoTokenForUser {
|
||||
t.Fatalf(`VerifyAccount error for expired token: wanted "%+v", got "%+v."`, ErrNoTokenForUser, err)
|
||||
}
|
||||
|
||||
expectAccountMatch(t, &s, normEmail, email, password, createdSeed, &verifyTokenString, &verifyExpiration, time.Now().UTC(), time.Now().UTC())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -310,7 +310,7 @@ func TestStoreGetToken(t *testing.T) {
|
|||
}
|
||||
|
||||
// Update the token to be expired
|
||||
expirationOld := time.Now().Add(time.Second * (-1))
|
||||
expirationOld := time.Now().Add(time.Second * (-1)).UTC()
|
||||
if err := s.updateToken(&authToken, expirationOld); err != nil {
|
||||
t.Fatalf("Unexpected error in updateToken: %+v", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -464,9 +464,11 @@ func (s *Store) UpdateVerifyTokenString(email auth.Email, verifyTokenString auth
|
|||
}
|
||||
|
||||
func (s *Store) VerifyAccount(verifyTokenString auth.VerifyTokenString) (err error) {
|
||||
expirationCutoff := time.Now().UTC()
|
||||
|
||||
res, err := s.db.Exec(
|
||||
"UPDATE accounts SET verify_token=null, verify_expiration=null, updated=datetime('now') WHERE verify_token=?",
|
||||
verifyTokenString,
|
||||
"UPDATE accounts SET verify_token=null, verify_expiration=null, updated=datetime('now') WHERE verify_token=? AND verify_expiration>?",
|
||||
verifyTokenString, expirationCutoff,
|
||||
)
|
||||
if err != nil {
|
||||
return
|
||||
|
|
|
|||
Loading…
Reference in a new issue