nexacenter · alemela · Jun 30, 2014 · Jul 7, 2014 · bassosimone · Jun 30, 2014
diff --git a/registry/backend.js b/registry/backend.js
@@ -37,6 +37,7 @@ var utils = require("./utils");
 
 var MATRICOLA = /^[0-9]{6}$/;
 var TOKEN = /^[A-Fa-f0-9]{40}$/;
+var MAYBE_EMPTY_TOKEN = /^(|[A-Fa-f0-9]{40})$/;
 var PWDHASH = /^[A-Fa-f0-9]{32}$/;
 var URL = /^(|http(|s)\:\/\/[A-Za-z0-9\.\-\_\%\?\&\=\/]+)$/;
 
@@ -111,12 +112,32 @@ exports.saveUsers = function (matricola, hash, callback) {
                 return;
             }
             console.log("backend: password stored for %s", matricola);
-            callback();
+            exports.removeToken(matricola, function (error) {
+                if (error) {
+                    callback(error);
+                    return;
+                }
+                callback();
+            });
         });
 
     });
 };
 
+exports.removeToken = function (matricola, callback) {
+    var delToken = {Matricola: matricola,
+                    Token: "",
+                    TokenDate: ""};
+    exports.writeStudentInfo(delToken, function (error) {
+        if (error) {
+             callback(error);
+             return;
+        }
+        console.log("backend: token removed for %s", delToken.Matricola);
+        callback();
+    });
+};
+
 exports.readStudentInfo = function (matricola, callback) {
 
     console.info("backend: readStudentInfo");
@@ -169,6 +190,9 @@ function doWriteInfo(curInfo, callback) {
 var knownKeys = {
     "Nome": /^[A-Za-z\'\- ]+$/,
     "Cognome": /^[A-Za-z\'\- ]+$/,
+    "Matricola": MATRICOLA,
+    "Token": MAYBE_EMPTY_TOKEN,
+    "TokenDate": /^(|[0-9]{14})$/,
     "Blog": URL,
     "Twitter": /^(|@[A-Za-z0-9_]{1,15})$/,
     "Wikipedia": /^(|(U|u)tente\:[^\{\}\[\]\#\|\<\>][^\{\}\[\]\#\|\<\>]+)$/,
@@ -212,12 +236,12 @@ exports.writeStudentInfo = function (newInfo, callback) {
         for (index = 0; index < keys.length; ++index) {
             key = keys[index];
             if (knownKeys[key] === undefined) {
-                console.warn("backend: unknown key");
+                console.warn("backend: unknown key %s", key);
                 callback("backend: unknown key");
                 return;
             }
             if (newInfo[key].match(knownKeys[key]) === null) {
-                console.info("backend: regexp does not match");
+                console.info("backend: regexp does not match for %s", key);
                 callback("signup: regexp does not match");
                 return;
             }

diff --git a/registry/html/login_once.html b/registry/html/login_once.html
@@ -62,7 +62,7 @@ <h3>Scegli la tua password personale</h3>
                         $("#step2").html(data);
                     },
                     error: function (jqXHR, textStatus, errorThrown) {
-                        $("#step2").html("<b>Si e' verificato un errore.</b>");
+                        $("#step2").html("<b>"+jqXHR.responseText+"</b>");
                     }
                 });
             return false;

diff --git a/registry/login_once.js b/registry/login_once.js
@@ -52,6 +52,26 @@ var handleRequest = function (request, response, matricola, token, hash) {
             );
             return;
         }
+        var currentDate = new Date();
+        var tokenDate = new Date(obj.TokenDate.replace(
+            /^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/,'$4:$5:$6 $2/$3/$1'));
+        var differenceInMs = currentDate - tokenDate;
+        if (differenceInMs > 86400000) { //one day in ms
+            console.info("login_once: token expired");
+            backend.removeToken(matricola, function (error) {
+                if (error) {
+                    callback(error);
+                    return;
+                }
+                utils.writeHeadVerboseCORS(response, 500, {
+                    "Content-Type": "text/plain"
+                });
+                response.end(
+                    "La chiave inserita e' scaduta. Riparti da Sign Up o Reset password."
+                );
+            });
+            return;
+        }
         console.info("login_once: right token --> saveUsers");
         backend.saveUsers(matricola, hash, function (error) {
             if (error) {

diff --git a/registry/signup.js b/registry/signup.js
@@ -86,6 +86,9 @@ exports.handleMatricola = function (request, response) {
 
                 try {
                     studentInfo.Token = crypto.randomBytes(20).toString("hex");
+                    studentInfo.TokenDate = new Date().toISOString()
+                        .replace(/T/,'').replace(/\..+/, '').replace(/:/g,'')
+                        .replace(/-/g,'');
                 } catch (error) {
                     utils.internalError(error, request, response);
                     return;
@@ -116,6 +119,7 @@ exports.handleMatricola = function (request, response) {
                 "Cognome": cognome,
                 "Matricola": message.Matricola,
                 "Token": "",
+                "TokenDate": "",
                 "Blog": "",
                 "Twitter": "",
                 "Wikipedia": "",