From b1d99fb6ed1db01bb00d1bf6925c5ad795584327 Mon Sep 17 00:00:00 2001
From: "renater.salaun" <renater.salaun@047e039d-479c-447e-8a29-aa6bf4a09bab>
Date: Wed, 31 Dec 2014 13:12:44 +0000
Subject: [PATCH] Change code to make last token useable only, as suggested by
 Lukas: 17/12/14: It seems that multiple tokens can be sent to the same
 admin/SP pair and all of these tokens then can be used.

git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@83 047e039d-479c-447e-8a29-aa6bf4a09bab
---
 bin/account-manager-client.pl | 31 +++++++++++++++++++------------
 bin/account-manager-web.pl    | 23 +++++++++++++++++------
 conf/create-manager-db.sql    |  3 ++-
 3 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/bin/account-manager-client.pl b/bin/account-manager-client.pl
index 483e8d0..744667c 100755
--- a/bin/account-manager-client.pl
+++ b/bin/account-manager-client.pl
@@ -8,7 +8,7 @@ use utf8;
 use lib "/opt/testidp/IdPAccountManager/lib", ;
 use lib "/opt/testidp/IdPAccountManager/conf";
 
-use Getopt::Long;
+use Getopt::Long qw(:config auto_help);
 use POSIX;
 
 use IdPAccountManager::TestAccount;
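Review bot: `:config auto_help` hands `--help` to Pod::Usage, which builds the message from the script's `=head1 SYNOPSIS` and then terminates, so the usage text now has to live in POD; the only usage text visible in this patch is the printf removed in the next hunk, and if the script carries no SYNOPSIS section (not visible here) `--help` will print nothing useful. Either add a SYNOPSIS listing the options GetOptions accepts, or keep an explicit handler such as `print "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";` under `--help`. Note also that the old code printed usage and fell through, whereas auto_help exits after printing, which changes the script's behaviour for callers that combined `--help` with other options.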
@@ -17,16 +17,12 @@ use IdPAccountManager::ServiceProvider;
 use IdPAccountManager::AuthenticationToken;
 
 my %options;
-unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
+unless (&GetOptions(\%options, 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
                     'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
                     'token=s','send_notice','filter_expired','delete','add_service_provider','contacts=s','displayname=s')) {
     die "Unknown options.";
 }
 
-if ($options{'help'}) {
-    printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
-}
-
 if ($options{'add_test_account'}) {
     
     unless ($options{'account_profile'}) {
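Review bot: The rewritten option list keeps the `&GetOptions(...)` call form; with parentheses it is harmless, but the `&` sigil bypasses prototypes and reads as an older idiom, so `unless (GetOptions(\%options, 'add_test_account', ...))` is the conventional spelling. GetOptions already warns about the offending option on STDERR, so the `die "Unknown options.";` could point at the new auto_help handler instead of repeating the fact, e.g. `die "Unknown options; run $0 --help for usage.\n";`. The option-handling block that follows continues outside the hunk.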
@@ -217,16 +213,27 @@ if ($options{'add_test_account'}) {
         die "Missing sp_entityid option";
     }
     
-    my $authentication_token = new IdPAccountManager::AuthenticationToken();
+    my $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $options{'email_address'},
+                                                                          'sp_entityid' => $options{'sp_entityid'});
     unless (defined $authentication_token) {
          IdPAccountManager::Tools::do_log('error',"Failed to create token object");
          exit -1;
     }
-    unless ($authentication_token->set('email_address' => $options{'email_address'},
-                                       'sp_entityid' => $options{'sp_entityid'})) {
-        IdPAccountManager::Tools::do_log('error',"Failed to set token value");
-        exit -1;
-    }    
+
+    ## First remove token if on exist for this email+SP
+    if ($authentication_token->load()) {
+        unless ($authentication_token->delete()) {
+            IdPAccountManager::Tools::do_log('error',"Failed to delete token");
+            exit -1;
+        }
+        
+        $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $options{'email_address'},
+                                                                          'sp_entityid' => $options{'sp_entityid'});
+        unless (defined $authentication_token) {
+            IdPAccountManager::Tools::do_log('error',"Failed to create token object");
+            exit -1;
+        }
+    }
     
     unless ($authentication_token->save()) {
         IdPAccountManager::Tools::do_log('error',"Failed to create token");
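Review bot: The load-then-delete-then-save sequence is not atomic: two concurrent runs for the same email/SP pair can both see no existing token, and with the unique constraint this commit adds to `authenticationtokens` the second `save()` then fails with only the generic "Failed to create token" line, so that branch should mention that the pair may already hold a token. The reason for constructing a second object after `delete()` is not stated; if `load()` fills id/token from the old row (presumably, not visible here) the comment should say so, e.g. `## Re-create: load() filled this object from the deleted row; a fresh object gets a new token on save()`. The comment on the `if` reads "if on exist" and should read `## First remove the token if one exists for this email+SP` (the same text appears in account-manager-web.pl). `new IdPAccountManager::AuthenticationToken(...)` is indirect-object syntax; `IdPAccountManager::AuthenticationToken->new(...)` avoids its parsing ambiguities, here and in the web script. The enclosing option branch starts and ends outside the hunk.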
diff --git a/bin/account-manager-web.pl b/bin/account-manager-web.pl
index 1fe3951..546e99a 100755
--- a/bin/account-manager-web.pl
+++ b/bin/account-manager-web.pl
@@ -375,18 +375,29 @@ sub req_generate_token {
 	return undef;        
     }
     
-    my $authentication_token = new IdPAccountManager::AuthenticationToken();
+    my $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $self->{'param_in'}{'email_address'},
+                                                                          'sp_entityid' => $self->{'param_in'}{'sp_entityid'});
     unless (defined $authentication_token) {
  	push @{$self->{'param_out'}{'errors'}}, "internal";
 	&IdPAccountManager::Tools::do_log('error', "Failed to create authentication token");
 	return undef;
     }
     
-    unless ($authentication_token->set('email_address' => $self->{'param_in'}{'email_address'},
-                                       'sp_entityid' => $self->{'param_in'}{'sp_entityid'})) {
- 	push @{$self->{'param_out'}{'errors'}}, "internal";
-	&IdPAccountManager::Tools::do_log('error', "Failed to update authentication token");
-	return undef;
+    ## First remove token if on exist for this email+SP
+    if ($authentication_token->load()) {
+        unless ($authentication_token->delete()) {
+            push @{$self->{'param_out'}{'errors'}}, "internal";
+            &IdPAccountManager::Tools::do_log('error', "Failed to delete previous authentication token with ID %s", $authentication_token->get('id'));
+            return undef;
+        }
+        
+        $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $self->{'param_in'}{'email_address'},
+                                                                          'sp_entityid' => $self->{'param_in'}{'sp_entityid'});
+        unless (defined $authentication_token) {
+            push @{$self->{'param_out'}{'errors'}}, "internal";
+            &IdPAccountManager::Tools::do_log('error', "Failed to create authentication token");
+            return undef;
+        }
     }    
     
     unless ($authentication_token->save()) {
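Review bot: The delete-failure log call passes a `%s` format plus `$authentication_token->get('id')`, while every other `do_log` call in this hunk passes a single plain message; unless `do_log` formats its arguments with sprintf (not visible here) the literal `%s` is logged and the ID dropped, so either confirm that or interpolate it: `"Failed to delete previous authentication token with ID " . $authentication_token->get('id')`. Because a request for an email/SP pair now invalidates the previously issued token, a repeated request by the legitimate user voids a token that may still be in their mailbox, and the only log line in this hunk for that path is the failure case; logging the successful deletion and telling the requester that earlier tokens are no longer valid would make the behaviour visible to operators and users. The two new `return undef;` lines yield a one-element list in list context — `return;` is the idiom — though the rest of the sub already uses the same form. req_generate_token starts and ends outside this hunk.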
diff --git a/conf/create-manager-db.sql b/conf/create-manager-db.sql
index a93c0a8..0618719 100644
--- a/conf/create-manager-db.sql
+++ b/conf/create-manager-db.sql
@@ -14,7 +14,8 @@ CREATE TABLE `authenticationtokens` (
   `creation_date` int(11) DEFAULT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `token_2` (`token`),
-  KEY `token` (`token`)
+  KEY `token` (`token`),
+  CONSTRAINT token_email_entity UNIQUE (email_address(50),sp_entityid(50))
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
 CREATE TABLE `serviceproviders` (
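Review bot: The new uniqueness constraint is declared on 50-character prefixes, `email_address(50),sp_entityid(50)`, so two distinct SP entityIDs that agree on their first 50 characters — plausible for URL-shaped SAML entityIDs under one institution's domain — count as duplicates, and the Perl scripts' `load()` (which presumably matches the full values) will not find an "existing" row to delete, leaving `save()` to fail with a generic error. If the prefix is forced by the index-length limit, consider a fixed-length hash column of the pair, or at least document the limit next to the constraint, e.g. `-- NOTE: prefix-indexed; pairs identical in their first 50 chars are treated as duplicates`. This file only creates fresh databases; existing deployments need a matching `ALTER TABLE` (and any duplicate email/SP rows already present would make it fail), which the commit does not include. MyISAM provides no transactions, so the delete-then-insert in the Perl scripts remains a two-step operation even with this constraint in place.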
-- 
GitLab