From db5bcb78a3eee5b086a73fe0fe1746352e0fbb33 Mon Sep 17 00:00:00 2001 From: "J. King" Date: Fri, 26 Jul 2019 20:06:47 -0400 Subject: [PATCH] Fix lookup of evergreen tokens --- lib/Database.php | 2 +- tests/cases/Database/SeriesToken.php | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/Database.php b/lib/Database.php index 366d84d..7c61aff 100644 --- a/lib/Database.php +++ b/lib/Database.php @@ -440,7 +440,7 @@ class Database { /** Look up data associated with a token */ public function tokenLookup(string $class, string $id): array { - $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and expires > CURRENT_TIMESTAMP", "str", "str")->run($class, $id)->getRow(); + $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and (expires is null or expires > CURRENT_TIMESTAMP)", "str", "str")->run($class, $id)->getRow(); if (!$out) { throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "token", 'id' => $id]); } diff --git a/tests/cases/Database/SeriesToken.php b/tests/cases/Database/SeriesToken.php index ef223df..028689d 100644 --- a/tests/cases/Database/SeriesToken.php +++ b/tests/cases/Database/SeriesToken.php @@ -60,8 +60,14 @@ trait SeriesToken { 'class' => "class.class", 'user' => "john.doe@example.com" ]; + $exp3 = [ + 'id' => "ab3b3eb8a13311e78667001e673b2560", + 'class' => "class.class", + 'user' => "jane.doe@example.com" + ]; $this->assertArraySubset($exp1, Arsse::$db->tokenLookup("fever.login", "80fa94c1a11f11e78667001e673b2560")); $this->assertArraySubset($exp2, Arsse::$db->tokenLookup("class.class", "da772f8fa13c11e78667001e673b2560")); + $this->assertArraySubset($exp3, Arsse::$db->tokenLookup("class.class", "ab3b3eb8a13311e78667001e673b2560")); // token lookup should not check authorization Phake::when(Arsse::$user)->authorize->thenReturn(false); $this->assertArraySubset($exp1, Arsse::$db->tokenLookup("fever.login", "80fa94c1a11f11e78667001e673b2560"));