Addressed defects
* Deleting the token currently used for the session now forces a logout. * Removed an erroneous assert in the is_valid_token code. * Sorted imports in test_auth according to style.
parent
053bd591a0
commit
f19c82d110
5 changed files with 27 additions and 17 deletions
|
@ -22,6 +22,11 @@
|
|||
<div>Expires:</div>
|
||||
<div><%= new Date(token.expirationTime).toLocaleDateString() %></div>
|
||||
</div>
|
||||
<% } else { %>
|
||||
<div class="token-flex-row">
|
||||
<div>Expires:</div>
|
||||
<div>No Expiration</div>
|
||||
</div>
|
||||
<% } %>
|
||||
</div>
|
||||
<div class="token-flex-column token-actions">
|
||||
|
|
|
@ -16,7 +16,7 @@ class Api extends events.EventTarget {
|
|||
this.user = null;
|
||||
this.userName = null;
|
||||
this.userPassword = null;
|
||||
this.userToken = null;
|
||||
this.token = null;
|
||||
this.cache = {};
|
||||
this.allRanks = [
|
||||
'anonymous',
|
||||
|
@ -98,7 +98,7 @@ class Api extends events.EventTarget {
|
|||
this.cache = {};
|
||||
return new Promise((resolve, reject) => {
|
||||
this.userName = userName;
|
||||
this.userToken = token;
|
||||
this.token = token;
|
||||
this.get('/user/' + userName + '?bump-login=true')
|
||||
.then(response => {
|
||||
const options = {};
|
||||
|
@ -135,7 +135,7 @@ class Api extends events.EventTarget {
|
|||
{'user': userName, 'token': response.token},
|
||||
options);
|
||||
this.userName = userName;
|
||||
this.userToken = response.token;
|
||||
this.token = response.token;
|
||||
this.userPassword = null;
|
||||
}, error => {
|
||||
reject(error);
|
||||
|
@ -183,7 +183,7 @@ class Api extends events.EventTarget {
|
|||
|
||||
logout() {
|
||||
let self = this;
|
||||
this.deleteToken(this.userName, this.userToken)
|
||||
this.deleteToken(this.userName, this.token)
|
||||
.then(response => {
|
||||
self._logout();
|
||||
}, error => {
|
||||
|
@ -195,7 +195,7 @@ class Api extends events.EventTarget {
|
|||
this.user = null;
|
||||
this.userName = null;
|
||||
this.userPassword = null;
|
||||
this.userToken = null;
|
||||
this.token = null;
|
||||
this.dispatchEvent(new CustomEvent('logout'));
|
||||
}
|
||||
|
||||
|
@ -333,10 +333,10 @@ class Api extends events.EventTarget {
|
|||
}
|
||||
|
||||
try {
|
||||
if (this.userName && this.userToken) {
|
||||
if (this.userName && this.token) {
|
||||
req.auth = null;
|
||||
req.set('Authorization', 'Token '
|
||||
+ new Buffer(this.userName + ":" + this.userToken).toString('base64'))
|
||||
+ new Buffer(this.userName + ":" + this.token).toString('base64'))
|
||||
} else if (this.userName && this.userPassword) {
|
||||
req.auth(
|
||||
this.userName,
|
||||
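Review bot: The rewritten Authorization line still builds the header value with `new Buffer(...)`, a constructor Node.js has deprecated in favour of `Buffer.from`. Since the line is being touched anyway, `+ Buffer.from(this.userName + ":" + this.token).toString('base64'))` is the drop-in replacement, provided the Buffer implementation bundled for the client supports it. The value is only base64-encoded, so a short comment above `req.set('Authorization', ...)` stating that the header relies on HTTPS for confidentiality would help the next reader. The enclosing request method starts and ends outside this hunk.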
|
|
|
@ -216,6 +216,9 @@ class UserController {
|
|||
_evtDeleteToken(e) {
|
||||
this._view.clearMessages();
|
||||
this._view.disableForm();
|
||||
if (e.detail.userToken.token === api.token) {
|
||||
router.show(uri.formatClientLink('logout'));
|
||||
} else {
|
||||
e.detail.userToken.delete(e.detail.user.name)
|
||||
.then(() => {
|
||||
const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
|
||||
|
@ -225,6 +228,7 @@ class UserController {
|
|||
this._view.enableForm();
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = router => {
|
||||
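Review bot: In `_evtDeleteToken`, the new current-token branch never calls `e.detail.userToken.delete(...)` itself and only routes to the logout page. The token is therefore revoked only if that route ends up in `Api.logout()`, which calls `this.deleteToken(this.userName, this.token)`. The rejection handler of that call is cut off in the api.js hunk, so it is not visible whether a failed delete is reported. If it is not, the session is cleared locally while the token the user asked to delete may still be accepted by the server. Worth confirming that the logout path surfaces a failed delete, and documenting the dependency with a comment such as `// Current session token: the logout route revokes it server-side via api.logout()`.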
|
|
|
@ -86,7 +86,8 @@ def is_valid_token(user_token: model.UserToken) -> bool:
|
|||
Token must be enabled and if it has an expiration, it must be
|
||||
greater than now.
|
||||
'''
|
||||
assert user_token
|
||||
if user_token is None:
|
||||
return False
|
||||
if not user_token.enabled:
|
||||
return False
|
||||
if (user_token.expiration_time is not None
|
||||
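Review bot: `is_valid_token` now returns False for `None`, but the signature in the hunk header still declares `user_token: model.UserToken`, so type checkers and callers are told that None is not an accepted input. Changing the annotation to `user_token: Optional[model.UserToken]` (assuming `Optional` is, or can be, imported in this module) and adding a docstring line such as `A missing token (None) is treated as invalid.` would make the fail-closed behaviour part of the contract. The only test_auth change visible on this page is the import reordering, so a test along the lines of `assert not auth.is_valid_token(None)` appears to be missing. The function body continues past the end of the hunk.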
|
|
|
@ -1,5 +1,5 @@
|
|||
import pytest
|
||||
from datetime import datetime, timedelta
|
||||
import pytest
|
||||
from szurubooru.func import auth
|
||||
|
||||
|
||||
|
|