Add access_token expiry

Nick O'Leary 2015-03-30 14:14:32 +01:00
parent f967a5ecdc
commit 7adefd6ee0
4 changed files with 81 additions and 11 deletions


@ -38,7 +38,7 @@ function init(_settings,storage) {
settings = _settings; settings = _settings;
if (settings.adminAuth) { if (settings.adminAuth) {
Users.init(settings.adminAuth); Users.init(settings.adminAuth);
Tokens.init(storage); Tokens.init(settings.adminAuth,storage);
} }
} }


@ -86,7 +86,7 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
}); });
Tokens.create(username,client.id,scope).then(function(tokens) { Tokens.create(username,client.id,scope).then(function(tokens) {
// TODO: audit log // TODO: audit log
done(null,tokens.accessToken); done(null,tokens.accessToken,null,{expires_in:tokens.expires_in});
}); });
} else { } else {
done(null,false); done(null,false);
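Review bot: The `Tokens.create(username,client.id,scope).then(...)` chain that now calls `done(null,tokens.accessToken,null,{expires_in:tokens.expires_in})` still has no rejection handler, so if the session store rejects (the new `Tokens.create` persists the session via `storage.saveSessions` before resolving) `done` is never invoked and the token exchange hangs instead of failing. Append a handler such as `.otherwise(function(err) { done(err); });` (or `.catch`, depending on the promise library's version) so storage failures surface as an OAuth error. The enclosing `passwordTokenExchange` function starts and ends outside this hunk.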


@ -27,30 +27,66 @@ function generateToken(length) {
var storage; var storage;
var sessionExpiryTime
var sessions = {}; var sessions = {};
function expireSessions() {
var now = Date.now();
var modified = false;
for (var t in sessions) {
if (sessions.hasOwnProperty(t)) {
var session = sessions[t];
if (!session.hasOwnProperty("expires") || session.expires < now) {
delete sessions[t];
modified = true;
}
}
}
if (modified) {
return storage.saveSessions(sessions);
} else {
return when.resolve();
}
}
module.exports = { module.exports = {
init: function(_storage) { init: function(adminAuthSettings, _storage) {
storage = _storage; storage = _storage;
sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds
return storage.getSessions().then(function(_sessions) { return storage.getSessions().then(function(_sessions) {
sessions = _sessions||{}; sessions = _sessions||{};
return expireSessions();
}); });
}, },
get: function(token) { get: function(token) {
if (sessions[token]) {
if (sessions[token].expires < Date.now()) {
return expireSessions().then(function() { return null });
}
}
return when.resolve(sessions[token]); return when.resolve(sessions[token]);
}, },
create: function(user,client,scope) { create: function(user,client,scope) {
var accessToken = generateToken(128); var accessToken = generateToken(128);
var accessTokenExpiresAt = Date.now() + (sessionExpiryTime*1000);
var session = { var session = {
user:user, user:user,
client:client, client:client,
scope:scope, scope:scope,
accessToken: accessToken, accessToken: accessToken,
expires: accessTokenExpiresAt
}; };
sessions[accessToken] = session; sessions[accessToken] = session;
return storage.saveSessions(sessions).then(function() { return storage.saveSessions(sessions).then(function() {
return { return {
accessToken: accessToken, accessToken: accessToken,
expires_in: sessionExpiryTime
} }
}); });
}, },
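Review bot: Expired sessions are only purged in `init` and in `get` when the expired token itself is presented, so a token that is never used again stays in memory and in the persisted session store until the next restart; the store grows with every login and stale credentials remain on disk past their expiry. Having `create` sweep before it persists keeps the store bounded, e.g. replace `return storage.saveSessions(sessions).then(function() {` with `return expireSessions().then(function() { return storage.saveSessions(sessions); }).then(function() {`, or run `expireSessions` on a timer. Two smaller points in the same hunk: `var sessionExpiryTime` is missing its semicolon, and `adminAuthSettings.sessionExpiryTime || 604800` will accept a string value from settings, which then becomes `expires_in` unchanged while `expires` is computed numerically — `Number(adminAuthSettings.sessionExpiryTime) || 604800` keeps both fields consistent.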


@ -24,7 +24,7 @@ var Tokens = require("../../../../red/api/auth/tokens");
describe("Tokens", function() { describe("Tokens", function() {
describe("#init",function() { describe("#init",function() {
it('loads sessions', function(done) { it('loads sessions', function(done) {
Tokens.init({ Tokens.init({},{
getSessions:function() { getSessions:function() {
done(); done();
return when.resolve(); return when.resolve();
@ -36,9 +36,9 @@ describe("Tokens", function() {
describe("#get",function() { describe("#get",function() {
it('returns a valid token', function(done) { it('returns a valid token', function(done) {
Tokens.init({ Tokens.init({},{
getSessions:function() { getSessions:function() {
return when.resolve({"1234":{"user":"fred"}}); return when.resolve({"1234":{"user":"fred","expires":Date.now()+1000}});
} }
}).then(function() { }).then(function() {
Tokens.get("1234").then(function(token) { Tokens.get("1234").then(function(token) {
@ -53,7 +53,7 @@ describe("Tokens", function() {
}); });
it('returns null for an invalid token', function(done) { it('returns null for an invalid token', function(done) {
Tokens.init({ Tokens.init({},{
getSessions:function() { getSessions:function() {
return when.resolve({}); return when.resolve({});
} }
@ -68,12 +68,41 @@ describe("Tokens", function() {
}); });
}); });
}); });
it('returns null for an expired token', function(done) {
var saveSessions = sinon.stub().returns(when.resolve());
var expiryTime = Date.now()+50;
Tokens.init({},{
getSessions:function() {
return when.resolve({"1234":{"user":"fred","expires":expiryTime}});
},
saveSessions: saveSessions
}).then(function() {
Tokens.get("1234").then(function(token) {
try {
should.exist(token);
setTimeout(function() {
Tokens.get("1234").then(function(token) {
try {
should.not.exist(token);
saveSessions.calledOnce.should.be.true;
done();
} catch(err) {
done(err);
}
});
},100);
} catch(err) {
done(err);
}
});
});
});
}); });
describe("#create",function() { describe("#create",function() {
it('creates a token', function(done) { it('creates a token', function(done) {
var savedSession; var savedSession;
Tokens.init({ Tokens.init({sessionExpiryTime: 10},{
getSessions:function() { getSessions:function() {
return when.resolve({}); return when.resolve({});
}, },
@ -82,6 +111,9 @@ describe("Tokens", function() {
return when.resolve(); return when.resolve();
} }
}); });
var expectedExpiryTime = Date.now()+10000;
Tokens.create("user","client","scope").then(function(token) { Tokens.create("user","client","scope").then(function(token) {
try { try {
should.exist(savedSession); should.exist(savedSession);
@ -92,6 +124,8 @@ describe("Tokens", function() {
savedSession[sessionKeys[0]].should.have.a.property('user','user'); savedSession[sessionKeys[0]].should.have.a.property('user','user');
savedSession[sessionKeys[0]].should.have.a.property('client','client'); savedSession[sessionKeys[0]].should.have.a.property('client','client');
savedSession[sessionKeys[0]].should.have.a.property('scope','scope'); savedSession[sessionKeys[0]].should.have.a.property('scope','scope');
savedSession[sessionKeys[0]].should.have.a.property('expires');
savedSession[sessionKeys[0]].expires.should.be.within(expectedExpiryTime-200,expectedExpiryTime+200);
done(); done();
} catch(err) { } catch(err) {
done(err); done(err);
@ -103,9 +137,9 @@ describe("Tokens", function() {
describe("#revoke", function() { describe("#revoke", function() {
it('revokes a token', function(done) { it('revokes a token', function(done) {
var savedSession; var savedSession;
Tokens.init({ Tokens.init({},{
getSessions:function() { getSessions:function() {
return when.resolve({"1234":{"user":"fred"}}); return when.resolve({"1234":{"user":"fred","expires":Date.now()+1000}});
}, },
saveSessions:function(sess) { saveSessions:function(sess) {
savedSession = sess; savedSession = sess;