✨ add issued_by column to access token (#8284)

closes #6626 - see https://github.com/TryGhost/Ghost/issues/6626#issuecomment-291445977 - adding this column could make our lives easier in the future
2024-11-24 06:35:49 +03:00 · 2017-04-11 14:12:14 +02:00 · 2017-04-11 14:12:14 +02:00 · 049b6d9874
commit 049b6d9874
parent a3387adb99
4 changed files with 27 additions and 11 deletions
--- a/core/server/auth/utils.js
+++ b/core/server/auth/utils.js
@ -70,14 +70,6 @@ module.exports.createTokens = function createTokens(options) {
                    token: oldRefreshToken
                }, modelOptions));
            })
-            .then(function () {
-                return models.Accesstoken.add({
-                    token: newAccessToken,
-                    user_id: userId,
-                    client_id: clientId,
-                    expires: accessExpires
-                }, modelOptions);
-            })
            .then(function () {
                return models.Refreshtoken.add({
                    token: newRefreshToken,
@ -86,6 +78,15 @@ module.exports.createTokens = function createTokens(options) {
                    expires: refreshExpires
                }, modelOptions);
            })
+            .then(function (refreshToken) {
+                return models.Accesstoken.add({
+                    token: newAccessToken,
+                    user_id: userId,
+                    client_id: clientId,
+                    issued_by: refreshToken.id,
+                    expires: accessExpires
+                }, modelOptions);
+            })
            .then(function () {
                return {
                    access_token: newAccessToken,
--- a/core/server/data/schema/schema.js
+++ b/core/server/data/schema/schema.js
@ -187,6 +187,7 @@ module.exports = {
        token: {type: 'string', maxlength: 191, nullable: false, unique: true},
        user_id: {type: 'string', maxlength: 24, nullable: false, references: 'users.id'},
        client_id: {type: 'string', maxlength: 24, nullable: false, references: 'clients.id'},
+        issued_by: {type: 'string', maxlength: 24, nullable: true},
        expires: {type: 'bigInteger', nullable: false}
    },
    refreshtokens: {
--- a/core/test/functional/routes/api/authentication_spec.js
+++ b/core/test/functional/routes/api/authentication_spec.js
@ -61,12 +61,26 @@ describe('Authentication API', function () {
                    return done(err);
                }
                should.not.exist(res.headers['x-cache-invalidate']);
-                var jsonResponse = res.body;
+                var jsonResponse = res.body,
+                    newAccessToken;
+
                should.exist(jsonResponse.access_token);
                should.exist(jsonResponse.refresh_token);
                should.exist(jsonResponse.expires_in);
                should.exist(jsonResponse.token_type);
-                done();
+
+                models.Accesstoken.findOne({
+                    token: jsonResponse.access_token
+                }).then(function (_newAccessToken) {
+                    newAccessToken = _newAccessToken;
+
+                    return models.Refreshtoken.findOne({
+                        token: jsonResponse.refresh_token
+                    });
+                }).then(function (newRefreshToken) {
+                    newAccessToken.get('issued_by').should.eql(newRefreshToken.id);
+                    done();
+                }).catch(done);
            });
    });

--- a/core/test/unit/migration_spec.js
+++ b/core/test/unit/migration_spec.js
@ -19,7 +19,7 @@ var should = require('should'), // jshint ignore:line
 // both of which are required for migrations to work properly.
 describe('DB version integrity', function () {
    // Only these variables should need updating
-    var currentSchemaHash = '461181eefd9a9171099093b67c59b90a',
+    var currentSchemaHash = '961370c4b76ac026104182be9bb75695',
        currentFixturesHash = 'ad12de59b939b13dc198611a6438ab51';

    // If this test is failing, then it is likely a change has been made that requires a DB version bump,