Skip to content

Commit

Permalink
add date check to checkToken
Browse files Browse the repository at this point in the history
  • Loading branch information
@META-DREAMER
META-DREAMER committed Jan 17, 2017
1 parent 1db4d53 commit 926184b
Showing 1 changed file with 23 additions and 6 deletions.
29 changes: 23 additions & 6 deletions meteor-server/src/Query/checkToken.js
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,30 @@
import {Accounts} from 'meteor/accounts-base'
import {Meteor} from 'meteor/meteor'

export default async function (root, { token }, {userId}) {
const user = Meteor.users.findOne({
_id: userId,
'services.resume.loginTokens.hashedToken' : Accounts._hashLoginToken(token)
export default async function (root, { token }, context) {
let userId = null;

const user = await Meteor.users.findOne({
_id: context.userId,
'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(token),
}, {
fields: {
_id: 1,
'services.resume.loginTokens.$': 1,
},
});

if (user) {
const loginToken = user.services.resume.loginTokens[0];
const expiresAt = Accounts._tokenExpiration(loginToken.when);
const isExpired = expiresAt < new Date();

This comment has been minimized.

Sign in to view

Copy link
@dbrrt

dbrrt Jan 17, 2017
edited
Loading

Contributor

Just wondering if expiresAt can be compared with new Date(), without being explicitly "casted" as a JavaScript Date object, it may be interesting to test if expiresAt is a valid Date object, if not throwing an error? Good job btw!

This comment has been minimized.

Sign in to view

Copy link
@META-DREAMER

META-DREAMER Jan 17, 2017

Author Contributor

Check my latest commit and comment on the pull request, turns out we dont need to do any of this

if (!isExpired) {
userId = user._id;
}
}
return {
success: !!user,
userId: user._id || null
success: !!userId,
userId
};
}

0 comments on commit 926184b

Please sign in to comment.