Change code to make last token useable only, as suggested by Lukas:

17/12/14: It seems that multiple tokens can be sent to the same admin/SP pair and all of these tokens then can be used.


git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@83 047e039d-479c-447e-8a29-aa6bf4a09bab

bin/account-manager-client.pl

@@ -8,7 +8,7 @@ use utf8;
 use lib "/opt/testidp/IdPAccountManager/lib", ;
 use lib "/opt/testidp/IdPAccountManager/conf";
 
-use Getopt::Long;
+use Getopt::Long qw(:config auto_help);
 use POSIX;
 
 use IdPAccountManager::TestAccount;
@@ -17,16 +17,12 @@ use IdPAccountManager::ServiceProvider;
 use IdPAccountManager::AuthenticationToken;
 
 my %options;
-unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
+unless (&GetOptions(\%options, 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
                     'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
                     'token=s','send_notice','filter_expired','delete','add_service_provider','contacts=s','displayname=s')) {
     die "Unknown options.";
 }
 
-if ($options{'help'}) {
-    printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
-}
-
 if ($options{'add_test_account'}) {
     
     unless ($options{'account_profile'}) {
@@ -217,16 +213,27 @@ if ($options{'add_test_account'}) {
         die "Missing sp_entityid option";
     }
     
-    my $authentication_token = new IdPAccountManager::AuthenticationToken();
+    my $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $options{'email_address'},
+                                                                          'sp_entityid' => $options{'sp_entityid'});
     unless (defined $authentication_token) {
          IdPAccountManager::Tools::do_log('error',"Failed to create token object");
          exit -1;
     }
-    unless ($authentication_token->set('email_address' => $options{'email_address'},
-                                       'sp_entityid' => $options{'sp_entityid'})) {
-        IdPAccountManager::Tools::do_log('error',"Failed to set token value");
-        exit -1;
-    }    
+
+    ## First remove token if on exist for this email+SP
+    if ($authentication_token->load()) {
+        unless ($authentication_token->delete()) {
+            IdPAccountManager::Tools::do_log('error',"Failed to delete token");
+            exit -1;
+        }
+        
+        $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $options{'email_address'},
+                                                                          'sp_entityid' => $options{'sp_entityid'});
+        unless (defined $authentication_token) {
+            IdPAccountManager::Tools::do_log('error',"Failed to create token object");
+            exit -1;
+        }
+    }
     
     unless ($authentication_token->save()) {
         IdPAccountManager::Tools::do_log('error',"Failed to create token");

bin/account-manager-web.pl

@@ -375,18 +375,29 @@ sub req_generate_token {
 	return undef;        
     }
     
-    my $authentication_token = new IdPAccountManager::AuthenticationToken();
+    my $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $self->{'param_in'}{'email_address'},
+                                                                          'sp_entityid' => $self->{'param_in'}{'sp_entityid'});
     unless (defined $authentication_token) {
  	push @{$self->{'param_out'}{'errors'}}, "internal";
 	&IdPAccountManager::Tools::do_log('error', "Failed to create authentication token");
 	return undef;
     }
     
-    unless ($authentication_token->set('email_address' => $self->{'param_in'}{'email_address'},
-                                       'sp_entityid' => $self->{'param_in'}{'sp_entityid'})) {
- 	push @{$self->{'param_out'}{'errors'}}, "internal";
-	&IdPAccountManager::Tools::do_log('error', "Failed to update authentication token");
-	return undef;
+    ## First remove token if on exist for this email+SP
+    if ($authentication_token->load()) {
+        unless ($authentication_token->delete()) {
+            push @{$self->{'param_out'}{'errors'}}, "internal";
+            &IdPAccountManager::Tools::do_log('error', "Failed to delete previous authentication token with ID %s", $authentication_token->get('id'));
+            return undef;
+        }
+        
+        $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $self->{'param_in'}{'email_address'},
+                                                                          'sp_entityid' => $self->{'param_in'}{'sp_entityid'});
+        unless (defined $authentication_token) {
+            push @{$self->{'param_out'}{'errors'}}, "internal";
+            &IdPAccountManager::Tools::do_log('error', "Failed to create authentication token");
+            return undef;
+        }
     }    
     
     unless ($authentication_token->save()) {

conf/create-manager-db.sql

@@ -14,7 +14,8 @@ CREATE TABLE `authenticationtokens` (
   `creation_date` int(11) DEFAULT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `token_2` (`token`),
-  KEY `token` (`token`)
+  KEY `token` (`token`),
+  CONSTRAINT token_email_entity UNIQUE (email_address(50),sp_entityid(50))
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
 CREATE TABLE `serviceproviders` (