From 2e1715a968fdfac0977952d3939cfe1b3f34190a Mon Sep 17 00:00:00 2001
From: jorgep
Date: Fri, 22 Dec 2023 15:19:45 +0100
Subject: [PATCH] refactor renewToken & replace ACL: refs #6274
---
 back/methods/vn-user/renew-token.js | 41 ++++++++-----------
 .../methods/vn-user/specs/renew-token.spec.js | 1 -
 back/models/vn-user.json | 27 ++++++------
 db/changes/240201/00-timecontrol.sql | 7 +++-
 4 files changed, 37 insertions(+), 39 deletions(-)
diff --git a/back/methods/vn-user/renew-token.js b/back/methods/vn-user/renew-token.js
index 194747949..d00085d8a 100644
--- a/back/methods/vn-user/renew-token.js
+++ b/back/methods/vn-user/renew-token.js
@@ -1,14 +1,5 @@
-const UserError = require('vn-loopback/util/user-error');
 const {models} = require('vn-loopback/server/server');
-const handlePromiseLogout = (Self, {id}, courtesyTime) => {
- new Promise(res => {
- setTimeout(() => {
- res(Self.logout(id));
- }
- , courtesyTime * 1000);
- });
-};
 module.exports = Self => {
 Self.remoteMethodCtx('renewToken', {
 description: 'Checks if the token has more than renewPeriod seconds to live and if so, renews it',
@@ -28,14 +19,26 @@ module.exports = Self => { const {accessToken: token} = ctx.req; // Check if current token is valid - const isValid = await validateToken(token); - if (isValid) + + const {renewPeriod, courtesyTime} = await models.AccessTokenConfig.findOne({ + fields: ['renewPeriod', 'courtesyTime'] + }); + const now = Date.now(); + const differenceMilliseconds = now - token.created; + const differenceSeconds = Math.floor(differenceMilliseconds / 1000); + const isNotExceeded = differenceSeconds < renewPeriod - courtesyTime; + if (isNotExceeded) return token; - const {courtesyTime} = await models.AccessTokenConfig.findOne({fields: ['courtesyTime']}); - // Schedule to remove current token - handlePromiseLogout(Self, token, courtesyTime); + setTimeout(async() => { + try { + await Self.logout(token.id); + } catch (err) { + // eslint-disable-next-line no-console + console.error(err); + } + }, courtesyTime * 1000); // Create new accessToken const user = await Self.findById(token.userId); @@ -43,14 +46,4 @@ module.exports = Self => { return {id: accessToken.id, ttl: accessToken.ttl}; }; - - async function validateToken(token) { - const accessTokenConfig = await models.AccessTokenConfig.findOne({fields: ['renewPeriod', 'courtesyTime']}); - const now = Date.now(); - const differenceMilliseconds = now - token.created; - const differenceSeconds = Math.floor(differenceMilliseconds / 1000); - const isValid = differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime; - - return isValid; - } }; diff --git a/back/methods/vn-user/specs/renew-token.spec.js b/back/methods/vn-user/specs/renew-token.spec.js index 146f6eb0c..8d9bbf11c 100644 --- a/back/methods/vn-user/specs/renew-token.spec.js +++ b/back/methods/vn-user/specs/renew-token.spec.js 
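Review bot: Revocation of the replaced token in the `@@ -28,14 +19,26 @@` hunk depends on an in-process `setTimeout`, so if the server restarts or crashes during the `courtesyTime` window the `Self.logout(token.id)` call never runs and the old token stays usable until its own ttl expires. Until the timer fires, every further `renewToken` call made with that old token also falls through to the token-creation code again, so one aged token can yield several fresh ones; nothing visible in this hunk marks it as already renewed. Persisting the deadline on the token would cover the restart case, for example `await token.updateAttribute('ttl', differenceSeconds + courtesyTime);` before the new token is created, assuming `token` is the AccessToken model instance and validation honours `created + ttl`; the repeat case needs a marker or lookup showing the token was already exchanged. The retained comment `// Check if current token is valid` no longer describes the inlined age check, and `// Return the current token while it is younger than renewPeriod - courtesyTime` would. The function starts before and continues after this hunk.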
@@ -30,7 +30,6 @@ describe('Renew Token', () => { it('should renew token', async() => { const mockDate = new Date(startingTime + 26600000); jasmine.clock().mockDate(mockDate); - console.log(startingTime, mockDate) const {id} = await models.VnUser.renewToken(ctx); expect(id).not.toEqual(ctx.req.accessToken.id); diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 86ffac2bb..d0687098d 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -95,27 +95,30 @@ "principalType": "ROLE", "principalId": "$everyone", "permission": "ALLOW" - }, - { - "property": "recoverPassword", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, - { - "property": "validateAuth", + }, { + "property": "recoverPassword", "accessType": "EXECUTE", "principalType": "ROLE", "principalId": "$everyone", "permission": "ALLOW" - }, - { + }, { + "property": "validateAuth", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, { "property": "privileges", "accessType": "*", "principalType": "ROLE", "principalId": "$authenticated", "permission": "ALLOW" + }, { + "property": "renewToken", + "accessType": "WRITE", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" } ], "scopes": { diff --git a/db/changes/240201/00-timecontrol.sql b/db/changes/240201/00-timecontrol.sql index 0d3bd59b2..c3ddf5d96 100644 --- a/db/changes/240201/00-timecontrol.sql +++ b/db/changes/240201/00-timecontrol.sql @@ -1,3 +1,7 @@ +DELETE FROM `salix`.`ACL` + WHERE model = 'VnUser' + AND property = 'renewToken'; + INSERT INTO `account`.`role` (name, description) VALUES ('timeControl','Tablet para fichar'); 
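Review bot: The new `renewToken` entry in `back/models/vn-user.json` grants the method to `$authenticated` with accessType `WRITE`, which only matches if the remote method is declared with that access type; the method's `accessType` is not visible in this patch, so confirm it, otherwise the entry will not apply to the call. Moving the rule out of `salix.ACL` also widens it from the role rows deleted in `00-timecontrol.sql` (the one visible here is `timeControl`) to every authenticated principal, and the `DELETE` drops any row for `VnUser.renewToken` regardless of `permission`, so a `DENY` row for some role would be lost silently. If that widening is intended, the commit description should say so. Since renewal then needs nothing but a live token, consider whether a cap on total session lifetime is wanted, because nothing in the visible hunks limits how many times a session can be renewed.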
@@ -8,7 +12,6 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp VALUES ('WorkerTimeControl', 'login', 'READ', 'ALLOW', 'ROLE', 'timeControl'), ('WorkerTimeControl', 'getClockIn', 'READ', 'ALLOW', 'ROLE', 'timeControl'), - ('WorkerTimeControl', 'clockIn', 'WRITE', 'ALLOW', 'ROLE', 'timeControl'), - ('VnUser', 'renewToken', 'WRITE', 'ALLOW', 'ROLE', 'timeControl'); + ('WorkerTimeControl', 'clockIn', 'WRITE', 'ALLOW', 'ROLE', 'timeControl'); CALL `account`.`role_sync`();