Addressed defects
* Deleting the current token used for the session, now forces a logout. * Removed an assert in the is_valid_token code that was erroneous. * Sorted imports in test_auth according to style.
This commit is contained in:
ReAnzu
parent
053bd591a0
commit
f19c82d110
5 changed files with 27 additions and 17 deletions
|
|
@ -22,6 +22,11 @@
|
||||||
<div>Expires:</div>
|
<div>Expires:</div>
|
||||||
<div><%= new Date(token.expirationTime).toLocaleDateString() %></div>
|
<div><%= new Date(token.expirationTime).toLocaleDateString() %></div>
|
||||||
</div>
|
</div>
|
||||||
|
<% } else { %>
|
||||||
|
<div class="token-flex-row">
|
||||||
|
<div>Expires:</div>
|
||||||
|
<div>No Expiration</div>
|
||||||
|
</div>
|
||||||
<% } %>
|
<% } %>
|
||||||
</div>
|
</div>
|
||||||
<div class="token-flex-column token-actions">
|
<div class="token-flex-column token-actions">
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ class Api extends events.EventTarget {
|
||||||
this.user = null;
|
this.user = null;
|
||||||
this.userName = null;
|
this.userName = null;
|
||||||
this.userPassword = null;
|
this.userPassword = null;
|
||||||
this.userToken = null;
|
this.token = null;
|
||||||
this.cache = {};
|
this.cache = {};
|
||||||
this.allRanks = [
|
this.allRanks = [
|
||||||
'anonymous',
|
'anonymous',
|
||||||
|
|
@ -98,7 +98,7 @@ class Api extends events.EventTarget {
|
||||||
this.cache = {};
|
this.cache = {};
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
this.userName = userName;
|
this.userName = userName;
|
||||||
this.userToken = token;
|
this.token = token;
|
||||||
this.get('/user/' + userName + '?bump-login=true')
|
this.get('/user/' + userName + '?bump-login=true')
|
||||||
.then(response => {
|
.then(response => {
|
||||||
const options = {};
|
const options = {};
|
||||||
|
|
@ -135,7 +135,7 @@ class Api extends events.EventTarget {
|
||||||
{'user': userName, 'token': response.token},
|
{'user': userName, 'token': response.token},
|
||||||
options);
|
options);
|
||||||
this.userName = userName;
|
this.userName = userName;
|
||||||
this.userToken = response.token;
|
this.token = response.token;
|
||||||
this.userPassword = null;
|
this.userPassword = null;
|
||||||
}, error => {
|
}, error => {
|
||||||
reject(error);
|
reject(error);
|
||||||
|
|
@ -183,7 +183,7 @@ class Api extends events.EventTarget {
|
||||||
|
|
||||||
logout() {
|
logout() {
|
||||||
let self = this;
|
let self = this;
|
||||||
this.deleteToken(this.userName, this.userToken)
|
this.deleteToken(this.userName, this.token)
|
||||||
.then(response => {
|
.then(response => {
|
||||||
self._logout();
|
self._logout();
|
||||||
}, error => {
|
}, error => {
|
||||||
|
|
@ -195,7 +195,7 @@ class Api extends events.EventTarget {
|
||||||
this.user = null;
|
this.user = null;
|
||||||
this.userName = null;
|
this.userName = null;
|
||||||
this.userPassword = null;
|
this.userPassword = null;
|
||||||
this.userToken = null;
|
this.token = null;
|
||||||
this.dispatchEvent(new CustomEvent('logout'));
|
this.dispatchEvent(new CustomEvent('logout'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -333,10 +333,10 @@ class Api extends events.EventTarget {
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (this.userName && this.userToken) {
|
if (this.userName && this.token) {
|
||||||
req.auth = null;
|
req.auth = null;
|
||||||
req.set('Authorization', 'Token '
|
req.set('Authorization', 'Token '
|
||||||
+ new Buffer(this.userName + ":" + this.userToken).toString('base64'))
|
+ new Buffer(this.userName + ":" + this.token).toString('base64'))
|
||||||
} else if (this.userName && this.userPassword) {
|
} else if (this.userName && this.userPassword) {
|
||||||
req.auth(
|
req.auth(
|
||||||
this.userName,
|
this.userName,
|
||||||
|
|
|
||||||
|
|
@ -216,6 +216,9 @@ class UserController {
|
||||||
_evtDeleteToken(e) {
|
_evtDeleteToken(e) {
|
||||||
this._view.clearMessages();
|
this._view.clearMessages();
|
||||||
this._view.disableForm();
|
this._view.disableForm();
|
||||||
|
if (e.detail.userToken.token === api.token) {
|
||||||
|
router.show(uri.formatClientLink('logout'));
|
||||||
|
} else {
|
||||||
e.detail.userToken.delete(e.detail.user.name)
|
e.detail.userToken.delete(e.detail.user.name)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
|
const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
|
||||||
|
|
@ -226,6 +229,7 @@ class UserController {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
module.exports = router => {
|
module.exports = router => {
|
||||||
router.enter(['user', ':name'], (ctx, next) => {
|
router.enter(['user', ':name'], (ctx, next) => {
|
||||||
|
|
|
||||||
|
|
@ -86,7 +86,8 @@ def is_valid_token(user_token: model.UserToken) -> bool:
|
||||||
Token must be enabled and if it has an expiration, it must be
|
Token must be enabled and if it has an expiration, it must be
|
||||||
greater than now.
|
greater than now.
|
||||||
'''
|
'''
|
||||||
assert user_token
|
if user_token is None:
|
||||||
|
return False
|
||||||
if not user_token.enabled:
|
if not user_token.enabled:
|
||||||
return False
|
return False
|
||||||
if (user_token.expiration_time is not None
|
if (user_token.expiration_time is not None
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
import pytest
|
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
import pytest
|
||||||
from szurubooru.func import auth
|
from szurubooru.func import auth
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Reference in a new issue