Change code to make last token useable only, as suggested by Lukas:

17/12/14: It seems that multiple tokens can be sent to the same admin/SP pair and all of these tokens then can be used. git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@83 047e039d-479c-447e-8a29-aa6bf4a09bab

Change code to make last token useable only, as suggested by Lukas:
b1d99fb6 · renater.salaun · 4e9e35fc · b1d99fb6 · b1d99fb6 · b1d99fb6
Commit b1d99fb6 authored 10 years ago by renater.salaun
--- a/bin/account-manager-client.pl
+++ b/bin/account-manager-client.pl
@@ -8,7 +8,7 @@ use utf8;
 use lib "/opt/testidp/IdPAccountManager/lib", ;
 use lib "/opt/testidp/IdPAccountManager/conf";
-use Getopt::Long;
+use Getopt::Long qw(:config auto_help);
 use POSIX;
 use IdPAccountManager::TestAccount;
@@ -17,16 +17,12 @@ use IdPAccountManager::ServiceProvider;
 use IdPAccountManager::AuthenticationToken;
 my %options;
-unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
+unless (&GetOptions(\%options, 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
                    'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
                    'token=s','send_notice','filter_expired','delete','add_service_provider','contacts=s','displayname=s')) {
    die "Unknown options.";
 }
-if ($options{'help'}) {
-    printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
-}
 if ($options{'add_test_account'}) {
    unless ($options{'account_profile'}) {
@@ -217,16 +213,27 @@ if ($options{'add_test_account'}) {
        die "Missing sp_entityid option";
    }
-    my $authentication_token = new IdPAccountManager::AuthenticationToken();
+    my $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $options{'email_address'},
+                                                                          'sp_entityid' => $options{'sp_entityid'});
    unless (defined $authentication_token) {
         IdPAccountManager::Tools::do_log('error',"Failed to create token object");
         exit -1;
    }
-    unless ($authentication_token->set('email_address' => $options{'email_address'},
-                                       'sp_entityid' => $options{'sp_entityid'})) {
+    ## First remove token if on exist for this email+SP
-        IdPAccountManager::Tools::do_log('error',"Failed to set token value");
+    if ($authentication_token->load()) {
-        exit -1;
+        unless ($authentication_token->delete()) {
-    }    
+            IdPAccountManager::Tools::do_log('error',"Failed to delete token");
+            exit -1;
+        }
+        $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $options{'email_address'},
+                                                                          'sp_entityid' => $options{'sp_entityid'});
+        unless (defined $authentication_token) {
+            IdPAccountManager::Tools::do_log('error',"Failed to create token object");
+            exit -1;
+        }
+    }
    unless ($authentication_token->save()) {
        IdPAccountManager::Tools::do_log('error',"Failed to create token");

--- a/bin/account-manager-web.pl
+++ b/bin/account-manager-web.pl
@@ -375,18 +375,29 @@ sub req_generate_token {
 	return undef;        
    }
-    my $authentication_token = new IdPAccountManager::AuthenticationToken();
+    my $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $self->{'param_in'}{'email_address'},
+                                                                          'sp_entityid' => $self->{'param_in'}{'sp_entityid'});
    unless (defined $authentication_token) {
 	push @{$self->{'param_out'}{'errors'}}, "internal";
 	&IdPAccountManager::Tools::do_log('error', "Failed to create authentication token");
 	return undef;
    }
-    unless ($authentication_token->set('email_address' => $self->{'param_in'}{'email_address'},
+    ## First remove token if on exist for this email+SP
-                                       'sp_entityid' => $self->{'param_in'}{'sp_entityid'})) {
+    if ($authentication_token->load()) {
- 	push @{$self->{'param_out'}{'errors'}}, "internal";
+        unless ($authentication_token->delete()) {
-	&IdPAccountManager::Tools::do_log('error', "Failed to update authentication token");
+            push @{$self->{'param_out'}{'errors'}}, "internal";
-	return undef;
+            &IdPAccountManager::Tools::do_log('error', "Failed to delete previous authentication token with ID %s", $authentication_token->get('id'));
+            return undef;
+        }
+        $authentication_token = new IdPAccountManager::AuthenticationToken('email_address' => $self->{'param_in'}{'email_address'},
+                                                                          'sp_entityid' => $self->{'param_in'}{'sp_entityid'});
+        unless (defined $authentication_token) {
+            push @{$self->{'param_out'}{'errors'}}, "internal";
+            &IdPAccountManager::Tools::do_log('error', "Failed to create authentication token");
+            return undef;
+        }
    }    
    unless ($authentication_token->save()) {

--- a/conf/create-manager-db.sql
+++ b/conf/create-manager-db.sql
@@ -14,7 +14,8 @@ CREATE TABLE `authenticationtokens` (
  `creation_date` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `token_2` (`token`),
-  KEY `token` (`token`)
+  KEY `token` (`token`),
+  CONSTRAINT token_email_entity UNIQUE (email_address(50),sp_entityid(50))
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 CREATE TABLE `serviceproviders` (