Fix lookup of evergreen tokens

5 years ago · db5bcb78a3
2 changed files with 7 additions and 1 deletions
--- a/lib/Database.php
+++ b/lib/Database.php
@ -440,7 +440,7 @@ class Database {

    /** Look up data associated with a token */
    public function tokenLookup(string $class, string $id): array {
-        $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and expires > CURRENT_TIMESTAMP", "str", "str")->run($class, $id)->getRow();
+        $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and (expires is null or expires > CURRENT_TIMESTAMP)", "str", "str")->run($class, $id)->getRow();
        if (!$out) {
            throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "token", 'id' => $id]);
        }
--- a/tests/cases/Database/SeriesToken.php
+++ b/tests/cases/Database/SeriesToken.php
@ -60,8 +60,14 @@ trait SeriesToken {
            'class' => "class.class",
            'user' => "john.doe@example.com"
        ];
+        $exp3 = [
+            'id' => "ab3b3eb8a13311e78667001e673b2560",
+            'class' => "class.class",
+            'user' => "jane.doe@example.com"
+        ];
        $this->assertArraySubset($exp1, Arsse::$db->tokenLookup("fever.login", "80fa94c1a11f11e78667001e673b2560"));
        $this->assertArraySubset($exp2, Arsse::$db->tokenLookup("class.class", "da772f8fa13c11e78667001e673b2560"));
+        $this->assertArraySubset($exp3, Arsse::$db->tokenLookup("class.class", "ab3b3eb8a13311e78667001e673b2560"));
        // token lookup should not check authorization
        Phake::when(Arsse::$user)->authorize->thenReturn(false);
        $this->assertArraySubset($exp1, Arsse::$db->tokenLookup("fever.login", "80fa94c1a11f11e78667001e673b2560"));