projects
/
vchess.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add translations for Ambiguous chess
[vchess.git]
/
server
/
models
/
User.js
diff --git
a/server/models/User.js
b/server/models/User.js
index
0ff8e1c
..
edb3c06
100644
(file)
--- a/
server/models/User.js
+++ b/
server/models/User.js
@@
-83,20
+83,22
@@
const UserModel = {
// Set session token only if empty (first login)
// NOTE: weaker security (but avoid to re-login everywhere after each logout)
// Set session token only if empty (first login)
// NOTE: weaker security (but avoid to re-login everywhere after each logout)
- // TODO: option would be to reset all tokens periodically
, e.g. every 3 months
+ // TODO: option would be to reset all tokens periodically
(every 3 months?)
trySetSessionToken: function(id, cb) {
db.serialize(function() {
let query =
"SELECT sessionToken " +
"FROM Users " +
"WHERE id = " + id;
trySetSessionToken: function(id, cb) {
db.serialize(function() {
let query =
"SELECT sessionToken " +
"FROM Users " +
"WHERE id = " + id;
- db.get(query, (err,ret) => {
+ db.get(query, (err,
ret) => {
const token = ret.sessionToken || genToken(params.token.length);
const token = ret.sessionToken || genToken(params.token.length);
+ const setSessionToken =
+ (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
query =
"UPDATE Users " +
// Also empty the login token to invalidate future attempts
"SET loginToken = NULL" +
query =
"UPDATE Users " +
// Also empty the login token to invalidate future attempts
"SET loginToken = NULL" +
-
(!ret.sessionToken ? (", sessionToken = '" + token + "'") : "")
+ " " +
+
setSessionToken
+ " " +
"WHERE id = " + id;
db.run(query);
cb(token);
"WHERE id = " + id;
db.run(query);
cb(token);
@@
-149,7
+151,8
@@
const UserModel = {
// Remove users unlogged for > 24h
if (!u.sessionToken && tsNow - u.created > day)
{
// Remove users unlogged for > 24h
if (!u.sessionToken && tsNow - u.created > day)
{
- notify(
+ toRemove.push(u.id);
+ UserModel.notify(
u,
"Your account has been deleted because " +
"you didn't log in for 24h after registration"
u,
"Your account has been deleted because " +
"you didn't log in for 24h after registration"