X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Fmodels%2FUser.js;h=edb3c06e217c47139133f6c1e751599856c55e9a;hp=ab826d9142db3a5b089f82af52939ccbe1f15762;hb=2c5d7b20742b802d9c47916915c1114bcfc9a9c3;hpb=9edfb7146fdc4dd08914b2a117d2852e705353aa
diff --git a/server/models/User.js b/server/models/User.js
index ab826d91..edb3c06e 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -83,20 +83,22 @@ const UserModel = {
   // Set session token only if empty (first login)
   // NOTE: weaker security (but avoid to re-login everywhere after each logout)
-  // TODO: option would be to reset all tokens periodically, e.g. every 3 months
+  // TODO: option would be to reset all tokens periodically (every 3 months?)
   trySetSessionToken: function(id, cb) {
     db.serialize(function() {
       let query =
         "SELECT sessionToken " +
         "FROM Users " +
         "WHERE id = " + id;
-      db.get(query, (err,ret) => {
+      db.get(query, (err, ret) => {
         const token = ret.sessionToken || genToken(params.token.length);
+        const setSessionToken =
+          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "");
         query =
           "UPDATE Users " +
           // Also empty the login token to invalidate future attempts
           "SET loginToken = NULL" +
-          (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
+          setSessionToken + " " +
           "WHERE id = " + id;
         db.run(query);
         cb(token);
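Review bot: The new `setSessionToken` fragment still splices `token` into the UPDATE text, and both the SELECT and the UPDATE keep `"WHERE id = " + id` as string-built SQL; node-sqlite3's `db.get` and `db.run` accept a parameter array, so `?` placeholders bound to `[id]` / `[token, id]` give the same statements without concatenating values into SQL. The callback also reads `ret.sessionToken` without checking `err` or whether a row came back, so a failed lookup or unknown id raises a TypeError inside the sqlite callback instead of being reported to the caller; how that is signalled should follow the file's existing callback convention, which is not visible in this hunk. `token` is produced by `genToken` here, so its interpolation is presumably safe today, but binding it keeps the query independent of the token alphabet. The rewritten callback is below; the enclosing `UserModel` object continues outside the hunk.
```javascript
  trySetSessionToken: function(id, cb) {
    db.serialize(function() {
      db.get(
        "SELECT sessionToken FROM Users WHERE id = ?",
        [id],
        (err, ret) => {
          // Lookup failure or unknown id: report per the file's callback convention
          if (err || !ret) return cb(null);
          const token = ret.sessionToken || genToken(params.token.length);
          // Also empty the login token to invalidate future attempts
          const query =
            "UPDATE Users SET loginToken = NULL" +
            (!ret.sessionToken ? ", sessionToken = ?" : "") +
            " WHERE id = ?";
          db.run(query, !ret.sessionToken ? [token, id] : [id]);
          cb(token);
        }
      );
    });
  },
```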