yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-16 10:07:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix expiration date checks on api token strategy

Browse Source
This commit is contained in:
Convly 2022-08-25 15:44:10 +02:00
parent 4c6c5e5218
commit 87520328bd
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
packages/core/admin/server/strategies/api-token.js
View File

@ -1,6 +1,6 @@
'use strict'; 'use strict';
const { castArray, isNil } = require('lodash/fp'); const { castArray } = require('lodash/fp');
const { UnauthorizedError, ForbiddenError } = require('@strapi/utils').errors; const { UnauthorizedError, ForbiddenError } = require('@strapi/utils').errors;
const constants = require('../services/constants'); const constants = require('../services/constants');
const { getService } = require('../utils'); const { getService } = require('../utils');
@ -42,14 +42,17 @@ const authenticate = async (ctx) => {
return { authenticated: false }; return { authenticated: false };
} }
const expirationDate = new Date(apiToken.expiresAt);
const currentDate = new Date();
// token has expired // token has expired
if (!isNil(apiToken.expiresAt) && apiToken.expiresAt < Date.now()) { if (expirationDate < currentDate) {
throw new UnauthorizedError('Token expired'); throw new UnauthorizedError('Token expired');
} }
// update lastUsedAt // update lastUsedAt
await apiTokenService.update(apiToken.id, { await apiTokenService.update(apiToken.id, {
lastUsedAt: new Date(), lastUsedAt: currentDate,
}); });
if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) { if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
@ -74,8 +77,11 @@ const verify = (auth, config) => {
throw new UnauthorizedError('Token not found'); throw new UnauthorizedError('Token not found');
} }
const expirationDate = new Date(apiToken.expiresAt);
const currentDate = new Date();
// token has expired // token has expired
if (!isNil(apiToken.expiresAt) && apiToken.expiresAt < Date.now()) { if (expirationDate < currentDate) {
throw new UnauthorizedError('Token expired'); throw new UnauthorizedError('Token expired');
} }