Addressed defects

* Deleting the current token used for the session, now forces a logout. * Removed an assert in the is_valid_token code that was erroneous. * Sorted imports in test_auth according to style.
2018-03-10 13:18:26 -06:00 · 2018-03-10 13:18:26 -06:00 · f19c82d110
commit f19c82d110
parent 053bd591a0
5 changed files with 27 additions and 17 deletions
--- a/client/html/user_tokens.tpl
+++ b/client/html/user_tokens.tpl
@ -22,6 +22,11 @@
                    <div>Expires:</div>
                    <div><%= new Date(token.expirationTime).toLocaleDateString() %></div>
                </div>
+                <% } else { %>
+                    <div class="token-flex-row">
+                        <div>Expires:</div>
+                        <div>No Expiration</div>
+                    </div>
                <% } %>
            </div>
            <div class="token-flex-column token-actions">
--- a/client/js/api.js
+++ b/client/js/api.js
@ -16,7 +16,7 @@ class Api extends events.EventTarget {
        this.user = null;
        this.userName = null;
        this.userPassword = null;
-        this.userToken = null;
+        this.token = null;
        this.cache = {};
        this.allRanks = [
            'anonymous',
@ -98,7 +98,7 @@ class Api extends events.EventTarget {
        this.cache = {};
        return new Promise((resolve, reject) => {
            this.userName = userName;
-            this.userToken = token;
+            this.token = token;
            this.get('/user/' + userName + '?bump-login=true')
                .then(response => {
                    const options = {};
@ -135,7 +135,7 @@ class Api extends events.EventTarget {
                        {'user': userName, 'token': response.token},
                        options);
                    this.userName = userName;
-                    this.userToken = response.token;
+                    this.token = response.token;
                    this.userPassword = null;
                }, error => {
                    reject(error);
@ -183,7 +183,7 @@ class Api extends events.EventTarget {

    logout() {
        let self = this;
-        this.deleteToken(this.userName, this.userToken)
+        this.deleteToken(this.userName, this.token)
            .then(response => {
                self._logout();
            }, error => {
@ -195,7 +195,7 @@ class Api extends events.EventTarget {
        this.user = null;
        this.userName = null;
        this.userPassword = null;
-        this.userToken = null;
+        this.token = null;
        this.dispatchEvent(new CustomEvent('logout'));
    }

@ -333,10 +333,10 @@ class Api extends events.EventTarget {
            }

            try {
-                if (this.userName && this.userToken) {
+                if (this.userName && this.token) {
                    req.auth = null;
                    req.set('Authorization', 'Token '
-                        + new Buffer(this.userName + ":" + this.userToken).toString('base64'))
+                        + new Buffer(this.userName + ":" + this.token).toString('base64'))
                } else if (this.userName && this.userPassword) {
                    req.auth(
                        this.userName,
--- a/client/js/controllers/user_controller.js
+++ b/client/js/controllers/user_controller.js
@ -216,14 +216,18 @@ class UserController {
    _evtDeleteToken(e) {
        this._view.clearMessages();
        this._view.disableForm();
-        e.detail.userToken.delete(e.detail.user.name)
-            .then(() => {
-                const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
-                ctx.controller.showSuccess('Token ' + e.detail.userToken.token + ' deleted.');
-            }, error => {
-                this._view.showError(error.message);
-                this._view.enableForm();
-            });
+        if (e.detail.userToken.token === api.token) {
+            router.show(uri.formatClientLink('logout'));
+        } else {
+            e.detail.userToken.delete(e.detail.user.name)
+                .then(() => {
+                    const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
+                    ctx.controller.showSuccess('Token ' + e.detail.userToken.token + ' deleted.');
+                }, error => {
+                    this._view.showError(error.message);
+                    this._view.enableForm();
+                });
+        }
    }
 }

--- a/server/szurubooru/func/auth.py
+++ b/server/szurubooru/func/auth.py
@ -86,7 +86,8 @@ def is_valid_token(user_token: model.UserToken) -> bool:
    Token must be enabled and if it has an expiration, it must be
    greater than now.
    '''
-    assert user_token
+    if user_token is None:
+        return False
    if not user_token.enabled:
        return False
    if (user_token.expiration_time is not None
--- a/server/szurubooru/tests/func/test_auth.py
+++ b/server/szurubooru/tests/func/test_auth.py
@ -1,5 +1,5 @@
-import pytest
 from datetime import datetime, timedelta
+import pytest
 from szurubooru.func import auth