From 268613a0de59f374030e86b76989d4376eeaf708 Mon Sep 17 00:00:00 2001
From: alemela
Date: Mon, 30 Jun 2014 12:41:23 +0200
Subject: [PATCH 1/2] Remove token after used or when expired
---
 registry/backend.js | 29 +++++++++++++++++++++++++++--
 registry/login_once.js | 21 +++++++++++++++++++++
 registry/signup.js | 4 ++++
 3 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/registry/backend.js b/registry/backend.js
index 22b6713..2908908 100644
--- a/registry/backend.js
+++ b/registry/backend.js
@@ -37,6 +37,7 @@ var utils = require("./utils");
 var MATRICOLA = /^[0-9]{6}$/;
 var TOKEN = /^[A-Fa-f0-9]{40}$/;
+var MAYBE_EMPTY_TOKEN = /^(|[A-Fa-f0-9]{40})$/;
 var PWDHASH = /^[A-Fa-f0-9]{32}$/;
 var URL = /^(|http(|s)\:\/\/[A-Za-z0-9\.\-\_\%\?\&\=\/]+)$/;
@@ -111,12 +112,33 @@ exports.saveUsers = function (matricola, hash, callback) {
 return;
 }
 console.log("backend: password stored for %s", matricola);
+ exports.removeToken(matricola, function (error) {
+ if (error) {
+ callback(error);
+ return;
+ }
+ callback();
+ });
 callback();
 });
 });
 };
+exports.removeToken = function (matricola, callback) {
+ var delToken = {Matricola: matricola,
+ Token: "",
+ TokenDate: ""};
+ exports.writeStudentInfo(delToken, function (error) {
+ if (error) {
+ callback(error);
+ return;
+ }
+ console.log("backend: token removed for %s", delToken.Matricola);
+ callback();
+ });
+};
+
 exports.readStudentInfo = function (matricola, callback) {
 console.info("backend: readStudentInfo");
@@ -169,6 +191,9 @@ function doWriteInfo(curInfo, callback) {
 var knownKeys = {
 "Nome": /^[A-Za-z\'\- ]+$/,
 "Cognome": /^[A-Za-z\'\- ]+$/,
+ "Matricola": MATRICOLA,
+ "Token": MAYBE_EMPTY_TOKEN,
+ "TokenDate": /^(|[0-9]{14})$/,
 "Blog": URL,
 "Twitter": /^(|@[A-Za-z0-9_]{1,15})$/,
 "Wikipedia": /^(|(U|u)tente\:[^\{\}\[\]\#\|\<\>][^\{\}\[\]\#\|\<\>]+)$/,
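Review bot: saveUsers stores the password and only then clears the one-time token, so if removeToken's writeStudentInfo call fails the caller is told the save failed while the password is already in place and the token is still valid for another login; the error branch should log that state explicitly, e.g. `console.error("backend: password stored for %s but token NOT removed", matricola);`, so the inconsistency is visible in the logs instead of hidden behind a generic error. The unconditional `callback();` kept after the removeToken call makes every successful save signal completion twice (the second patch on this page removes that line). removeToken also relies on writeStudentInfo accepting an empty Token and TokenDate, which only the later knownKeys hunk makes true; a short comment on delToken naming that coupling, e.g. `// empty Token/TokenDate must stay accepted by knownKeys in doWriteInfo`, would keep a future regexp tightening from silently breaking token removal.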
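Review bot: Adding "Matricola", "Token" and "TokenDate" to knownKeys makes them writable through the generic writeStudentInfo/doWriteInfo path, the same whitelist that validates user-editable fields such as Blog and Twitter; if that function is reachable from a request handler that forwards client-supplied keys (not visible in this hunk), the client would also be able to set its own Token and the TokenDate that login_once.js uses for the expiry check. Consider keeping these three keys out of the user-facing whitelist and letting removeToken and signup go through an internal variant, or at least documenting at knownKeys which callers may supply them. The TokenDate pattern `/^(|[0-9]{14})$/` accepts any 14 digits, not only dates; a comment such as `// UTC YYYYMMDDHHMMSS as written by signup.js` would record the intended format for whoever tightens it later.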
@@ -212,12 +237,12 @@ exports.writeStudentInfo = function (newInfo, callback) {
 for (index = 0; index < keys.length; ++index) {
 key = keys[index];
 if (knownKeys[key] === undefined) {
- console.warn("backend: unknown key");
+ console.warn("backend: unknown key %s", key);
 callback("backend: unknown key");
 return;
 }
 if (newInfo[key].match(knownKeys[key]) === null) {
- console.info("backend: regexp does not match");
+ console.info("backend: regexp does not match for %s", key);
 callback("signup: regexp does not match");
 return;
 }
diff --git a/registry/login_once.js b/registry/login_once.js
index 04b8e95..4a56f9d 100644
--- a/registry/login_once.js
+++ b/registry/login_once.js
@@ -52,6 +52,27 @@ var handleRequest = function (request, response, matricola, token, hash) {
 );
 return;
 }
+ var currentDate = new Date();
+ var tokenDate = new Date(obj.TokenDate.replace(
+ /^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/,'$4:$5:$6 $2/$3/$1'));
+ var differenceInMs = currentDate - tokenDate;
+ if (differenceInMs > 86400000) { //one day in ms
+ console.info("login_once: token expired");
+ backend.removeToken(matricola, function (error) {
+ if (error) {
+ callback(error);
+ return;
+ }
+ callback();
+ });
+ utils.writeHeadVerboseCORS(response, 500, {
+ "Content-Type": "text/plain"
+ });
+ response.end(
+ "La chiave inserita e' scaduta. Riparti da Sign Up o Reset password."
+ );
+ return;
+ }
 console.info("login_once: right token --> saveUsers");
 backend.saveUsers(matricola, hash, function (error) {
 if (error) {
diff --git a/registry/signup.js b/registry/signup.js
index db8dbbb..d50a267 100644
--- a/registry/signup.js
+++ b/registry/signup.js
@@ -86,6 +86,9 @@ exports.handleMatricola = function (request, response) {
 try {
 studentInfo.Token = crypto.randomBytes(20).toString("hex");
+ studentInfo.TokenDate = new Date().toISOString()
+ .replace(/T/,'').replace(/\..+/, '').replace(/:/g,'')
+ .replace(/-/g,'');
 } catch (error) {
 utils.internalError(error, request, response);
 return;
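Review bot: The expiry check rewrites the 14 TokenDate digits into `'HH:MM:SS MM/DD/YYYY'` and hands that to the Date constructor, a non-ISO string that is parsed implementation-dependently and in the server's local zone, while signup.js derives TokenDate from `toISOString()`, i.e. UTC; on a server at +0200 the token therefore looks two hours older than it is, and the error moves again with DST. A student record written before this change has no TokenDate, so `obj.TokenDate.replace` throws a TypeError on undefined before any response is sent, and a record with an empty TokenDate yields `Invalid Date`, a NaN difference, and is treated as not expired. Parsing the digits with Date.UTC and treating a missing or malformed value as already expired fixes both. handleRequest's parameter list in the hunk header has no `callback`, so the `callback(error)`/`callback()` calls inside the removeToken handler appear to reference an undefined name; the second patch on this page reworks the success branch but keeps `callback(error)`.
```javascript
var currentDate = new Date();
// TokenDate is written by signup.js from toISOString(), so the digits are UTC;
// parse them as UTC and treat a missing/malformed value as already expired
// instead of letting .replace throw on undefined
var tokenMatch = /^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/.exec(obj.TokenDate || "");
var tokenDate = tokenMatch
  ? new Date(Date.UTC(+tokenMatch[1], tokenMatch[2] - 1, +tokenMatch[3],
                      +tokenMatch[4], +tokenMatch[5], +tokenMatch[6]))
  : new Date(0);
var differenceInMs = currentDate - tokenDate;
// … unchanged: expiry response and saveUsers call …
```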
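Review bot: The three chained `.replace` calls turn the ISO timestamp into a bare `YYYYMMDDHHMMSS` string, but nothing records that the value is UTC, that backend.js validates it with `/^(|[0-9]{14})$/`, or that login_once.js parses it back; a comment such as `// UTC timestamp as YYYYMMDDHHMMSS; format is checked by knownKeys in backend.js and parsed in login_once.js` would tie the three places together. `.replace(/\..+/, '')` drops everything from the first dot, which for toISOString output is the milliseconds and the trailing Z; `.slice(0, 19)` before stripping the separators would state that intent more directly than a regexp. handleMatricola continues outside the hunk.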
@@ -116,6 +119,7 @@ exports.handleMatricola = function (request, response) {
 "Cognome": cognome,
 "Matricola": message.Matricola,
 "Token": "",
+ "TokenDate": "",
 "Blog": "",
 "Twitter": "",
 "Wikipedia": "",
From 80ff7d3b7e93a4f90dd348beff7872703aaf175f Mon Sep 17 00:00:00 2001
From: alemela
Date: Mon, 7 Jul 2014 11:48:53 +0200
Subject: [PATCH 2/2] Some fixes and better error response
---
 registry/backend.js | 1 -
 registry/html/login_once.html | 2 +-
 registry/login_once.js | 13 ++++++-------
 3 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/registry/backend.js b/registry/backend.js
index 2908908..4b4fdcb 100644
--- a/registry/backend.js
+++ b/registry/backend.js
@@ -119,7 +119,6 @@ exports.saveUsers = function (matricola, hash, callback) {
 }
 callback();
 });
- callback();
 });
 });
diff --git a/registry/html/login_once.html b/registry/html/login_once.html
index 8e74617..0468725 100644
--- a/registry/html/login_once.html
+++ b/registry/html/login_once.html
@@ -62,7 +62,7 @@

Scegli la tua password personale

$("#step2").html(data);
 },
 error: function (jqXHR, textStatus, errorThrown) {
- $("#step2").html("Si e' verificato un errore.");
+ $("#step2").html(""+jqXHR.responseText+"");
 }
 });
 return false;
diff --git a/registry/login_once.js b/registry/login_once.js
index 4a56f9d..3591eb9 100644
--- a/registry/login_once.js
+++ b/registry/login_once.js
@@ -63,14 +63,13 @@ var handleRequest = function (request, response, matricola, token, hash) {
 callback(error);
 return;
 }
- callback();
+ utils.writeHeadVerboseCORS(response, 500, {
+ "Content-Type": "text/plain"
+ });
+ response.end(
+ "La chiave inserita e' scaduta. Riparti da Sign Up o Reset password."
+ );
 });
- utils.writeHeadVerboseCORS(response, 500, {
- "Content-Type": "text/plain"
- });
- response.end(
- "La chiave inserita e' scaduta. Riparti da Sign Up o Reset password."
- );
 return;
 }
 console.info("login_once: right token --> saveUsers");
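Review bot: The new error handler inserts `jqXHR.responseText` into the page with `.html()`, so whatever body comes back on a failed request is parsed as markup; today login_once.js answers with a fixed plain-text sentence, but a 5xx page from a proxy or a future message that echoes a request value would land in the DOM unescaped. Use a text setter instead, e.g. `$("#step2").text(jqXHR.responseText);`, wrapped in whichever element the original line used (the wrapper strings around responseText appear to have lost their tags in this rendering). That keeps the more informative error message the commit is after without treating the response body as HTML.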
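Review bot: The error branch of the removeToken callback still calls `callback(error)`, but handleRequest's parameters, visible in the hunk header, are `(request, response, matricola, token, hash)`; unless a module-level `callback` exists outside this hunk, a failed token removal throws a ReferenceError and the request never receives a response. The signup.js hunk on this page uses `utils.internalError(error, request, response)` for exactly this situation, so replacing the two lines with `utils.internalError(error, request, response); return;` would both answer the client and stay consistent with the rest of the registry. Separately, an expired token is a client-side condition, so a 4xx status instead of 500 would let the page distinguish it from a genuine server failure; the remainder of handleRequest lies outside the hunk.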