diff --git a/core/server/auth/utils.js b/core/server/auth/utils.js index 8d227a46e2..1c6b3488fa 100644 --- a/core/server/auth/utils.js +++ b/core/server/auth/utils.js @@ -70,14 +70,6 @@ module.exports.createTokens = function createTokens(options) { token: oldRefreshToken }, modelOptions)); }) - .then(function () { - return models.Accesstoken.add({ - token: newAccessToken, - user_id: userId, - client_id: clientId, - expires: accessExpires - }, modelOptions); - }) .then(function () { return models.Refreshtoken.add({ token: newRefreshToken, @@ -86,6 +78,15 @@ module.exports.createTokens = function createTokens(options) { expires: refreshExpires }, modelOptions); }) + .then(function (refreshToken) { + return models.Accesstoken.add({ + token: newAccessToken, + user_id: userId, + client_id: clientId, + issued_by: refreshToken.id, + expires: accessExpires + }, modelOptions); + }) .then(function () { return { access_token: newAccessToken, diff --git a/core/server/data/schema/schema.js b/core/server/data/schema/schema.js index 6b191d0008..e3eaeebf5b 100644 --- a/core/server/data/schema/schema.js +++ b/core/server/data/schema/schema.js @@ -187,6 +187,7 @@ module.exports = { token: {type: 'string', maxlength: 191, nullable: false, unique: true}, user_id: {type: 'string', maxlength: 24, nullable: false, references: 'users.id'}, client_id: {type: 'string', maxlength: 24, nullable: false, references: 'clients.id'}, + issued_by: {type: 'string', maxlength: 24, nullable: true}, expires: {type: 'bigInteger', nullable: false} }, refreshtokens: { diff --git a/core/test/functional/routes/api/authentication_spec.js b/core/test/functional/routes/api/authentication_spec.js index 6289e44b00..9d9b213529 100644 --- a/core/test/functional/routes/api/authentication_spec.js +++ b/core/test/functional/routes/api/authentication_spec.js 
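Review bot: In core/server/auth/utils.js, the added `.then(function (refreshToken) {` step depends on `models.Refreshtoken.add` resolving with the saved model, and nothing in the hunk says why the access token must now be written after the refresh token. A short comment above the step, such as `// Refreshtoken is stored first: the access token records its id in issued_by`, would keep a later reorder from breaking the link. The reorder also changes what a partial failure leaves behind: if `Accesstoken.add` rejects, a refresh token row already exists, so it is worth confirming that `modelOptions` carries a transaction or that the caller cleans up. createTokens starts and ends outside the hunk, so the handling of `oldRefreshToken` and the error path are not visible here.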
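Review bot: In core/server/data/schema/schema.js, the new `issued_by` column is declared without `references`, unlike `user_id` and `client_id` next to it, so the database will not enforce that the value names an existing refresh token. If the omission is deliberate (for example because `refreshtokens` is declared after `accesstokens`, or because refresh tokens are removed independently), a comment such as `// id of the refresh token that issued this access token; no FK on purpose` would record that. Rows created before this change will hold NULL here, which any later revocation logic keyed on `issued_by` has to account for. The visible hunks show no query that reads the column, so whether it also needs an index cannot be judged from here.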
@@ -61,12 +61,26 @@ describe('Authentication API', function () { return done(err); } should.not.exist(res.headers['x-cache-invalidate']); - var jsonResponse = res.body; + var jsonResponse = res.body, + newAccessToken; + should.exist(jsonResponse.access_token); should.exist(jsonResponse.refresh_token); should.exist(jsonResponse.expires_in); should.exist(jsonResponse.token_type); - done(); + + models.Accesstoken.findOne({ + token: jsonResponse.access_token + }).then(function (_newAccessToken) { + newAccessToken = _newAccessToken; + + return models.Refreshtoken.findOne({ + token: jsonResponse.refresh_token + }); + }).then(function (newRefreshToken) { + newAccessToken.get('issued_by').should.eql(newRefreshToken.id); + done(); + }).catch(done); }); }); diff --git a/core/test/unit/migration_spec.js b/core/test/unit/migration_spec.js index d67882dd7a..7fb233fecd 100644 --- a/core/test/unit/migration_spec.js +++ b/core/test/unit/migration_spec.js @@ -19,7 +19,7 @@ var should = require('should'), // jshint ignore:line // both of which are required for migrations to work properly. describe('DB version integrity', function () { // Only these variables should need updating - var currentSchemaHash = '461181eefd9a9171099093b67c59b90a', + var currentSchemaHash = '961370c4b76ac026104182be9bb75695', currentFixturesHash = 'ad12de59b939b13dc198611a6438ab51'; // If this test is failing, then it is likely a change has been made that requires a DB version bump,
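Review bot: In the added promise chain of authentication_spec.js, `newAccessToken.get('issued_by')` is dereferenced without first asserting that either `findOne` call returned a row, so a missing token surfaces as a TypeError through `.catch(done)` rather than as a readable assertion failure. Adding `should.exist(_newAccessToken);` in the first callback and `should.exist(newRefreshToken);` in the second makes the failure mode explicit. The hunk exercises only the request made in this test case, so whether the refresh-token grant also sets `issued_by` is not covered by what is visible. The enclosing `describe` block starts and ends outside the hunk.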