
Fixed a bug in verifyToken controller where we were infinitely renewing login tokens instead of respecting 28 day expiry
ackinc committed Oct 14, 2018
1 parent 990c8ba commit d5dcd7c
Showing 1 changed file with 27 additions and 19 deletions.
46 changes: 27 additions & 19 deletions packages/api/src/routes/index.js
Expand Up @@ -33,7 +33,7 @@ routes.post('/generateToken', (req, res) => {
res.status(400).json({ error: 'EMAIL_INVALID' });
} else {
const { email } = req.body;
tokenService.generate({ email }, 900) // 900 seconds = 15 minutes
tokenService.generate({ email, tokenType: 'EMAIL_VERIFICATION' }, 900) // 900 seconds = 15 minutes
.then(token => mailService.sendMail(email, token))
.then(() => res.json({ tokenStatus: 'success', email }))
.catch(() => {
Expand All @@ -44,26 +44,34 @@ routes.post('/generateToken', (req, res) => {
});

routes.post('/verifyToken', isAuthenticated, (req, res) => {
const { email } = req.decoded;

// give the user a longer-lived token that can be used for future auto-login
tokenService.generate({ email }, '28d')
.then((generatedToken) => {
res.cookie('token', generatedToken, {
maxAge: 4 * 7 * 24 * 60 * 60 * 1000, // 4 weeks
});
return models.User.findOne({ email });
})
.then((user) => {
res.json({
authentication: 'success',
isNewUser: user === null,
const { email, tokenType } = req.decoded;
console.log(tokenType);
if (tokenType === 'EMAIL_VERIFICATION') {
// give the user a longer-lived token that can be used for future auto-login
tokenService.generate({ email, tokenType: 'LOGIN' }, '28d')
.then((generatedToken) => {
res.cookie('token', generatedToken, {
maxAge: 4 * 7 * 24 * 60 * 60 * 1000, // 4 weeks
});
return models.User.findOne({ email });
})
.then((user) => {
res.json({
authentication: 'success',
isNewUser: user === null,
});
})
.catch(() => {
// TODO: error logging
res.status(500).json({ error: 'Server error' });
});
})
.catch(() => {
// TODO: error logging
res.status(500).json({ error: 'Server error' });
} else {
// user already has a login token, so just acknowledge the sign-in
res.json({
authentication: 'success',
isNewUser: false,
});
}
});

module.exports = routes;
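Review bot: The `} else {` branch on the new side of the verifyToken handler accepts every token that is not an EMAIL_VERIFICATION token as a successful sign-in, which includes tokens carrying no `tokenType` claim at all (any issued before this change) and any token type added later. Since that branch is only meant for the 28-day LOGIN token, it should match it explicitly and refuse everything else, e.g. `} else if (tokenType === 'LOGIN') {` followed by `} else { res.status(401).json({ error: 'TOKEN_TYPE_INVALID' }); }`. The `res.cookie('token', generatedToken, { maxAge: ... })` call still sets only `maxAge`; because this cookie is the long-lived login credential, adding `httpOnly: true, secure: true, sameSite: 'lax'` would keep it out of page scripts and off cross-site requests, unless client-side code needs to read it. `console.log(tokenType);` right after the destructuring looks like a leftover debug statement and should be dropped, or turned into the error logging the `// TODO: error logging` comment below it still asks for.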
