mirror of
https://github.com/jech/galene.git
synced 2024-12-22 15:25:48 +01:00
Expire expired tokens.
We now remove a token a week after it has expired.
This commit is contained in:
parent
e93642f9db
commit
adf273f9ea
4 changed files with 128 additions and 16 deletions
|
@ -149,7 +149,10 @@ func main() {
|
|||
for {
|
||||
select {
|
||||
case <-ticker.C:
|
||||
go group.Update()
|
||||
go func() {
|
||||
group.Update()
|
||||
token.Expire()
|
||||
}()
|
||||
case <-slowTicker.C:
|
||||
go relayTest()
|
||||
case <-terminate:
|
||||
|
|
|
@ -2130,7 +2130,7 @@ function userMenu(elt) {
|
|||
if(serverConnection.version !== "1" &&
|
||||
serverConnection.permissions.indexOf('token') >= 0) {
|
||||
items.push({label: 'Invite user', onClick: () => {
|
||||
serverConnection.groupAction('maketoken', units.d);
|
||||
makeToken(null);
|
||||
}});
|
||||
}
|
||||
if(serverConnection.permissions.indexOf('present') >= 0 && canFile())
|
||||
|
@ -3079,26 +3079,34 @@ function editTokenPredicate() {
|
|||
"You don't have permission to edit or list tokens" : null);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param {string} username
|
||||
* @param {number|string} [expires]
|
||||
*/
|
||||
function makeToken(username, expires) {
|
||||
let v = {
|
||||
group: group,
|
||||
};
|
||||
if(username)
|
||||
v.username = username;
|
||||
if(expires)
|
||||
v.expires = expires;
|
||||
else
|
||||
v.expires = units.d;
|
||||
if(serverConnection.permissions.indexOf('present') >= 0)
|
||||
v.permissions = ['present'];
|
||||
else
|
||||
v.permissions = [];
|
||||
serverConnection.groupAction('maketoken', v);
|
||||
}
|
||||
|
||||
commands.invite = {
|
||||
predicate: makeTokenPredicate,
|
||||
description: "create an invitation link",
|
||||
parameters: "[username] [expiration]",
|
||||
f: (c, r) => {
|
||||
let p = parseCommand(r);
|
||||
let v = {
|
||||
group: group,
|
||||
};
|
||||
if(p[0])
|
||||
v.username = p[0];
|
||||
if(p[1])
|
||||
v.expires = parseExpiration(p[1]);
|
||||
else
|
||||
v.expires = units.d;
|
||||
if(serverConnection.permissions.indexOf('present') >= 0)
|
||||
v.permissions = ['present'];
|
||||
else
|
||||
v.permissions = [];
|
||||
serverConnection.groupAction('maketoken', v);
|
||||
makeToken(p[0], parseExpiration(p[1]));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -355,3 +355,36 @@ func (state *state) List(group string) ([]*Stateful, error) {
|
|||
func List(group string) ([]*Stateful, error) {
|
||||
return tokens.List(group)
|
||||
}
|
||||
|
||||
func (state *state) Expire() error {
|
||||
state.mu.Lock()
|
||||
defer state.mu.Unlock()
|
||||
|
||||
err := state.load()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
now := time.Now()
|
||||
cutoff := now.Add(-time.Hour * 24 * 7)
|
||||
|
||||
modified := false
|
||||
for k, t := range state.tokens {
|
||||
if t.Expires.Before(cutoff) {
|
||||
delete(state.tokens, k)
|
||||
modified = true
|
||||
}
|
||||
}
|
||||
|
||||
if modified {
|
||||
err := state.rewrite()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func Expire() error {
|
||||
return tokens.Expire()
|
||||
}
|
||||
|
|
|
@ -292,3 +292,71 @@ func TestTokenStorage(t *testing.T) {
|
|||
t.Errorf("existence check: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestExpire(t *testing.T) {
|
||||
d := t.TempDir()
|
||||
s := state{
|
||||
filename: filepath.Join(d, "test.jsonl"),
|
||||
}
|
||||
now := time.Now()
|
||||
future := now.Add(time.Hour)
|
||||
past := now.Add(-time.Hour * 24 * 6)
|
||||
longPast := now.Add(-time.Hour * 24 * 8)
|
||||
user := "user"
|
||||
|
||||
tokens := []*Stateful{
|
||||
&Stateful{
|
||||
Token: "tok1",
|
||||
Group: "test",
|
||||
Username: &user,
|
||||
Permissions: []string{"present"},
|
||||
Expires: &now,
|
||||
},
|
||||
&Stateful{
|
||||
Token: "tok2",
|
||||
Group: "test",
|
||||
Username: &user,
|
||||
Permissions: []string{"present"},
|
||||
Expires: &future,
|
||||
},
|
||||
&Stateful{
|
||||
Token: "tok3",
|
||||
Group: "test",
|
||||
Username: &user,
|
||||
Permissions: []string{"present"},
|
||||
Expires: &now,
|
||||
},
|
||||
&Stateful{
|
||||
Token: "tok4",
|
||||
Group: "test",
|
||||
Username: &user,
|
||||
Permissions: []string{"present"},
|
||||
Expires: &past,
|
||||
},
|
||||
&Stateful{
|
||||
Token: "tok5",
|
||||
Group: "test",
|
||||
Username: &user,
|
||||
Permissions: []string{"present"},
|
||||
Expires: &longPast,
|
||||
},
|
||||
}
|
||||
|
||||
for _, token := range tokens {
|
||||
_, err := s.Add(token)
|
||||
if err != nil {
|
||||
t.Errorf("Add: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
expectTokens(t, s.tokens, tokens)
|
||||
expectTokenFile(t, s.filename, tokens)
|
||||
|
||||
err := s.Expire()
|
||||
if err != nil {
|
||||
t.Errorf("Expire: %v", err)
|
||||
}
|
||||
|
||||
expectTokens(t, s.tokens, tokens[:len(tokens)-1])
|
||||
expectTokenFile(t, s.filename, tokens[:len(tokens)-1])
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue