✨ add issued_by column to access token (#8284)

closes #6626

- see https://github.com/TryGhost/Ghost/issues/6626#issuecomment-291445977
- adding this column could make our lives easier in the future

core/server/auth/utils.js

@@ -70,14 +70,6 @@ module.exports.createTokens = function createTokens(options) {
                     token: oldRefreshToken
                 }, modelOptions));
             })
-            .then(function () {
-                return models.Accesstoken.add({
-                    token: newAccessToken,
-                    user_id: userId,
-                    client_id: clientId,
-                    expires: accessExpires
-                }, modelOptions);
-            })
             .then(function () {
                 return models.Refreshtoken.add({
                     token: newRefreshToken,
@@ -86,6 +78,15 @@ module.exports.createTokens = function createTokens(options) {
                     expires: refreshExpires
                 }, modelOptions);
             })
+            .then(function (refreshToken) {
+                return models.Accesstoken.add({
+                    token: newAccessToken,
+                    user_id: userId,
+                    client_id: clientId,
+                    issued_by: refreshToken.id,
+                    expires: accessExpires
+                }, modelOptions);
+            })
             .then(function () {
                 return {
                     access_token: newAccessToken,

core/server/data/schema/schema.js

@@ -187,6 +187,7 @@ module.exports = {
         token: {type: 'string', maxlength: 191, nullable: false, unique: true},
         user_id: {type: 'string', maxlength: 24, nullable: false, references: 'users.id'},
         client_id: {type: 'string', maxlength: 24, nullable: false, references: 'clients.id'},
+        issued_by: {type: 'string', maxlength: 24, nullable: true},
         expires: {type: 'bigInteger', nullable: false}
     },
     refreshtokens: {

core/test/functional/routes/api/authentication_spec.js

@@ -61,12 +61,26 @@ describe('Authentication API', function () {
                     return done(err);
                 }
                 should.not.exist(res.headers['x-cache-invalidate']);
-                var jsonResponse = res.body;
+                var jsonResponse = res.body,
+                    newAccessToken;
+
                 should.exist(jsonResponse.access_token);
                 should.exist(jsonResponse.refresh_token);
                 should.exist(jsonResponse.expires_in);
                 should.exist(jsonResponse.token_type);
-                done();
+
+                models.Accesstoken.findOne({
+                    token: jsonResponse.access_token
+                }).then(function (_newAccessToken) {
+                    newAccessToken = _newAccessToken;
+
+                    return models.Refreshtoken.findOne({
+                        token: jsonResponse.refresh_token
+                    });
+                }).then(function (newRefreshToken) {
+                    newAccessToken.get('issued_by').should.eql(newRefreshToken.id);
+                    done();
+                }).catch(done);
             });
     });
 

core/test/unit/migration_spec.js

@@ -19,7 +19,7 @@ var should = require('should'), // jshint ignore:line
 // both of which are required for migrations to work properly.
 describe('DB version integrity', function () {
     // Only these variables should need updating
-    var currentSchemaHash = '461181eefd9a9171099093b67c59b90a',
+    var currentSchemaHash = '961370c4b76ac026104182be9bb75695',
         currentFixturesHash = 'ad12de59b939b13dc198611a6438ab51';
 
     // If this test is failing, then it is likely a change has been made that requires a DB version bump,