refactor renewToken & replace ACL: refs #6274

2023-12-22 15:19:45 +01:00 · 2023-12-22 15:19:45 +01:00 · 2e1715a968
parent 89fda361bd
commit 2e1715a968
4 changed files with 37 additions and 39 deletions
--- a/back/methods/vn-user/renew-token.js
+++ b/back/methods/vn-user/renew-token.js
@ -1,14 +1,5 @@
-const UserError = require('vn-loopback/util/user-error');
 const {models} = require('vn-loopback/server/server');

-const handlePromiseLogout = (Self, {id}, courtesyTime) => {
-    new Promise(res => {
-        setTimeout(() => {
-            res(Self.logout(id));
-        }
-        , courtesyTime * 1000);
-    });
-};
 module.exports = Self => {
    Self.remoteMethodCtx('renewToken', {
        description: 'Checks if the token has more than renewPeriod seconds to live and if so, renews it',
@ -28,14 +19,26 @@ module.exports = Self => {
        const {accessToken: token} = ctx.req;

        // Check if current token is valid
-        const isValid = await validateToken(token);
-        if (isValid)
+
+        const {renewPeriod, courtesyTime} = await models.AccessTokenConfig.findOne({
+            fields: ['renewPeriod', 'courtesyTime']
+        });
+        const now = Date.now();
+        const differenceMilliseconds = now - token.created;
+        const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
+        const isNotExceeded = differenceSeconds < renewPeriod - courtesyTime;
+        if (isNotExceeded)
            return token;

-        const {courtesyTime} = await models.AccessTokenConfig.findOne({fields: ['courtesyTime']});
-
        // Schedule to remove current token
-        handlePromiseLogout(Self, token, courtesyTime);
+        setTimeout(async() => {
+            try {
+                await Self.logout(token.id);
+            } catch (err) {
+                // eslint-disable-next-line no-console
+                console.error(err);
+            }
+        }, courtesyTime * 1000);

        // Create new accessToken
        const user = await Self.findById(token.userId);
@ -43,14 +46,4 @@ module.exports = Self => {

        return {id: accessToken.id, ttl: accessToken.ttl};
    };
-
-    async function validateToken(token) {
-        const accessTokenConfig = await models.AccessTokenConfig.findOne({fields: ['renewPeriod', 'courtesyTime']});
-        const now = Date.now();
-        const differenceMilliseconds = now - token.created;
-        const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
-        const isValid = differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime;
-
-        return isValid;
-    }
 };
--- a/back/methods/vn-user/specs/renew-token.spec.js
+++ b/back/methods/vn-user/specs/renew-token.spec.js
@ -30,7 +30,6 @@ describe('Renew Token', () => {
    it('should renew token', async() => {
        const mockDate = new Date(startingTime + 26600000);
        jasmine.clock().mockDate(mockDate);
-        console.log(startingTime, mockDate)
        const {id} = await models.VnUser.renewToken(ctx);

        expect(id).not.toEqual(ctx.req.accessToken.id);
--- a/back/models/vn-user.json
+++ b/back/models/vn-user.json
@ -95,27 +95,30 @@
 			"principalType": "ROLE",
 			"principalId": "$everyone",
 			"permission": "ALLOW"
-        },
-        {
+		}, {
 			"property": "recoverPassword",
 			"accessType": "EXECUTE",
 			"principalType": "ROLE",
 			"principalId": "$everyone",
 			"permission": "ALLOW"
-        },
-		{
+		}, {
 			"property": "validateAuth",
 			"accessType": "EXECUTE",
 			"principalType": "ROLE",
 			"principalId": "$everyone",
 			"permission": "ALLOW"
-		},
-		{
+		}, {
 			"property": "privileges",
 			"accessType": "*",
 			"principalType": "ROLE",
 			"principalId": "$authenticated",
 			"permission": "ALLOW"
+		}, {
+			"property": "renewToken",
+			"accessType": "WRITE",
+			"principalType": "ROLE",
+			"principalId": "$authenticated",
+			"permission": "ALLOW"
 		}
 	],
    "scopes": {
--- a/db/changes/240201/00-timecontrol.sql
+++ b/db/changes/240201/00-timecontrol.sql
@ -1,3 +1,7 @@
+DELETE FROM `salix`.`ACL`
+    WHERE model = 'VnUser' 
+        AND  property = 'renewToken';
+
 INSERT INTO `account`.`role` (name, description)
 	VALUES ('timeControl','Tablet para fichar');

@ -8,7 +12,6 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp
    VALUES 
        ('WorkerTimeControl', 'login', 'READ', 'ALLOW', 'ROLE', 'timeControl'),
        ('WorkerTimeControl', 'getClockIn', 'READ', 'ALLOW', 'ROLE', 'timeControl'),
-        ('WorkerTimeControl', 'clockIn', 'WRITE', 'ALLOW', 'ROLE', 'timeControl'),
-        ('VnUser', 'renewToken', 'WRITE', 'ALLOW', 'ROLE', 'timeControl');
+        ('WorkerTimeControl', 'clockIn', 'WRITE', 'ALLOW', 'ROLE', 'timeControl');

 CALL `account`.`role_sync`();