release/2.13.2-DEV

happner · Sep 1, 2016 · ba04c46 · ba04c46
1 parent 6885d03
commit ba04c46
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 13 deletions.
diff --git a/lib/client/plugins/intra-process.js b/lib/client/plugins/intra-process.js
@@ -37,15 +37,16 @@ module.exports = {
 
         _this.authorizeRequest = function (message, handler, callback) {
           callback();
-        }
+        };
 
         _this.__login = function (message, data, handler) {
           _this.session = _this.pubsub.connectLocal(_this.handle_publication.bind(_this), _this.securityService.generateEmptySession());
           return _this.pubsub.handleDataResponseLocal(null, message, _this.session, handler, _this);
-        }
+        };
       }
 
       _this.authenticate(function (e) {
+
         if (e) return callback(e);
 
         _this.initialized = true;
@@ -77,8 +78,6 @@ module.exports = {
       else
         return this.handle_error(error);
     }
-
-
   },
 
   authorizeRequest: function (message, handler, callback) {
@@ -96,7 +95,6 @@ module.exports = {
       callback();
 
     });
-
   },
 
   __login: function (message, data, handler) {

diff --git a/lib/services/security/service.js b/lib/services/security/service.js
@@ -268,12 +268,9 @@ SecurityService.prototype.decodeToken = function (token) {
     if (!token) throw new Error('missing session token');
 
     var decoded = jwt.decode(token, this.config.sessionTokenSecret);
+    var unpacked = require('jsonpack').unpack(decoded);
 
-    //we allow for a minute, in case the backend code takes a while to sync
-    if (decoded.expires > 0 && decoded.expires + 60 < Date.now())
-      throw new Error('expired session token');
-
-    return decoded;
+    return unpacked;
 
   } catch (e) {
     throw new Error('invalid session token');
@@ -338,9 +335,17 @@ SecurityService.prototype.__profileSession = function(session){
 SecurityService.prototype.generateToken = function (session) {
 
   var decoupledSession = this.happn.utils.clone(session);
+
   decoupledSession.type = 0; //stateless
+  decoupledSession.isToken = true;
+
+  delete decoupledSession.user;
+
+  if (session.user && session.user.username) decoupledSession.username = session.user.username;
+
+  var packed = require('jsonpack').pack(decoupledSession);
 
-  return jwt.encode(decoupledSession, this.config.sessionTokenSecret);
+  return jwt.encode(packed, this.config.sessionTokenSecret);
 
 };
 

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "happn",
   "description": "pub/sub api as a service using primus and mongo & redis or nedb, can work as cluster, single process or embedded using nedb, use in production at your own risk",
-  "version": "2.13.0-DEV",
+  "version": "2.13.2-DEV",
   "main": "./lib/index",
   "scripts": {
     "test": "mocha --expose-gc silence.js test",
@@ -33,6 +33,7 @@
     "happn-logger": "0.0.2",
     "happn-nedb": "1.8.1",
     "happn-util-crypto": "0.2.0",
+    "jsonpack": "^1.1.5",
     "jwt-simple": "0.2.0",
     "lru-cache": "4.0.0",
     "node-uuid": "1.4.7",

diff --git a/test/b9_security_web_token.js b/test/b9_security_web_token.js
@@ -356,7 +356,7 @@ describe('b9_security_web_token', function () {
 
       var encodedDigest = encodeURIComponent(digest);
 
-      doRequest('/auth/login?username=_ADMIN&digest=' + encodedDigest + '&publicKey=' + encodedPublicKey, null, true, function (response) {
+      doRequest('/auth/login?username=_ADMIN&digest=' + encodedDigest + '&publicKey=' + encodedPublicKey, null, true, function (response, body) {
 
         expect(response.statusCode).to.equal(200);
         callback();