github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fix: add token_expired

pull/2338/head
Wing-Kam Wong 2 years ago
parent
7cedac59da
commit
64a2f10373
2 changed files with 28 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      packages/nocodb/src/lib/meta/api/userApi/userApis.ts
  2. 7
      packages/nocodb/src/lib/models/User.ts

30
packages/nocodb/src/lib/meta/api/userApi/userApis.ts
Unescape View File

@ -71,7 +71,8 @@ export async function signup(req: Request, res: Response<TableType>) {
password, password,
email_verification_token, email_verification_token,
invite_token: null, invite_token: null,
invite_token_expires: null invite_token_expires: null,
email: user.email
}); });
} else { } else {
NcError.badRequest('User already exist'); NcError.badRequest('User already exist');
@ -102,7 +103,8 @@ export async function signup(req: Request, res: Response<TableType>) {
salt, salt,
password, password,
email_verification_token, email_verification_token,
roles roles,
token_expired: false
}); });
} }
user = await User.getByEmail(email); user = await User.getByEmail(email);
@ -126,7 +128,8 @@ export async function signup(req: Request, res: Response<TableType>) {
await promisify((req as any).login.bind(req))(user); await promisify((req as any).login.bind(req))(user);
const refreshToken = randomTokenString(); const refreshToken = randomTokenString();
await User.update(user.id, { await User.update(user.id, {
refresh_token: refreshToken refresh_token: refreshToken,
email: user.email
}); });
setTokenCookie(res, refreshToken); setTokenCookie(res, refreshToken);
@ -179,7 +182,9 @@ async function successfulSignIn({
const refreshToken = randomTokenString(); const refreshToken = randomTokenString();
await User.update(user.id, { await User.update(user.id, {
refresh_token: refreshToken refresh_token: refreshToken,
email: user.email,
token_expired: false
}); });
setTokenCookie(res, refreshToken); setTokenCookie(res, refreshToken);
@ -249,6 +254,7 @@ async function googleSignin(req, res, next) {
function randomTokenString(): string { function randomTokenString(): string {
return crypto.randomBytes(40).toString('hex'); return crypto.randomBytes(40).toString('hex');
} }
function setTokenCookie(res, token): void { function setTokenCookie(res, token): void {
// create http only cookie with refresh token that expires in 7 days // create http only cookie with refresh token that expires in 7 days
const cookieOptions = { const cookieOptions = {
@ -285,7 +291,8 @@ async function passwordChange(req: Request<any, any>, res): Promise<any> {
await User.update(user.id, { await User.update(user.id, {
salt, salt,
password, password,
email: user.email email: user.email,
token_expired: true
}); });
Audit.insert({ Audit.insert({
@ -311,6 +318,7 @@ async function passwordForgot(req: Request<any, any>, res): Promise<any> {
if (user) { if (user) {
const token = uuidv4(); const token = uuidv4();
await User.update(user.id, { await User.update(user.id, {
email: user.email,
reset_password_token: token, reset_password_token: token,
reset_password_expires: new Date(Date.now() + 60 * 60 * 1000) reset_password_expires: new Date(Date.now() + 60 * 60 * 1000)
}); });
@ -363,6 +371,9 @@ async function tokenValidate(req, res): Promise<any> {
if (user.reset_password_expires < new Date()) { if (user.reset_password_expires < new Date()) {
NcError.badRequest('Password reset url expired'); NcError.badRequest('Password reset url expired');
} }
if (user.token_expired) {
NcError.badRequest('Token Expired. Please login again.');
}
res.json(true); res.json(true);
} }
@ -389,8 +400,10 @@ async function passwordReset(req, res): Promise<any> {
await User.update(user.id, { await User.update(user.id, {
salt, salt,
password, password,
email: user.email,
reset_password_expires: null, reset_password_expires: null,
reset_password_token: '' reset_password_token: '',
token_expired: true
}); });
Audit.insert({ Audit.insert({
@ -416,6 +429,7 @@ async function emailVerification(req, res): Promise<any> {
} }
await User.update(user.id, { await User.update(user.id, {
email: user.email,
email_verification_token: '', email_verification_token: '',
email_verified: true email_verified: true
}); });
@ -446,7 +460,9 @@ async function refreshToken(req, res): Promise<any> {
const refreshToken = randomTokenString(); const refreshToken = randomTokenString();
await User.update(user.id, { await User.update(user.id, {
refresh_token: refreshToken email: user.email,
refresh_token: refreshToken,
token_expired: false
}); });
setTokenCookie(res, refreshToken); setTokenCookie(res, refreshToken);

7
packages/nocodb/src/lib/models/User.ts
Unescape View File

@ -22,6 +22,7 @@ export default class User implements UserType {
email_verification_token?: string; email_verification_token?: string;
email_verified: boolean; email_verified: boolean;
roles?: string; roles?: string;
token_expired?: boolean;
constructor(data: User) { constructor(data: User) {
Object.assign(this, data); Object.assign(this, data);
@ -43,7 +44,8 @@ export default class User implements UserType {
'reset_password_token', 'reset_password_token',
'email_verification_token', 'email_verification_token',
'email_verified', 'email_verified',
'roles' 'roles',
'token_expired'
]); ]);
const { id } = await ncMeta.metaInsert2( const { id } = await ncMeta.metaInsert2(
null, null,
@ -71,7 +73,8 @@ export default class User implements UserType {
'reset_password_token', 'reset_password_token',
'email_verification_token', 'email_verification_token',
'email_verified', 'email_verified',
'roles' 'roles',
'token_expired'
]); ]);
// get existing cache // get existing cache
const keys = [ const keys = [

Write Preview
Loading…
Cancel
Save