Added missing user ID to both session and token models

2024-06-16 01:34:52 +12:00 · 2020-11-26 08:12:24 +02:00 · 2020-11-26 08:12:24 +02:00 · 362f84e51b
parent 8d41590596
commit 362f84e51b
6 changed files with 26 additions and 5 deletions
--- a/app/config/collections.php
+++ b/app/config/collections.php
@ -300,6 +300,15 @@ $collections = [
        'name' => 'Token',
        'structure' => true,
        'rules' => [
+            [
+                '$collection' => Database::SYSTEM_COLLECTION_RULES,
+                'label' => 'User ID',
+                'key' => 'userId',
+                'type' => Database::SYSTEM_VAR_TYPE_TEXT,
+                'default' => null,
+                'required' => false,
+                'array' => false,
+            ],
            [
                '$collection' => Database::SYSTEM_COLLECTION_RULES,
                'label' => 'Type',
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -190,12 +190,12 @@ App::post('/v1/account/sessions')
        $session = new Document([
            '$collection' => Database::SYSTEM_COLLECTION_TOKENS,
            '$permissions' => ['read' => ['user:'.$profile->getId()], 'write' => ['user:'.$profile->getId()]],
+            'userId' => $profile->getId(),
            'type' => Auth::TOKEN_TYPE_LOGIN,
            'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
            'expire' => $expiry,
            'userAgent' => $request->getUserAgent('UNKNOWN'),
            'ip' => $request->getIP(),
-
            'osCode' => $osCode,
            'osName' => $osName,
            'osVersion' => $osVersion,
@ -505,7 +505,6 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')

        // Create session token, verify user account and update OAuth2 ID and Access Token

-
        $dd = new DeviceDetector($request->getUserAgent('UNKNOWN'));

        $dd->parse();
@ -528,12 +527,12 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
        $session = new Document([
            '$collection' => Database::SYSTEM_COLLECTION_TOKENS,
            '$permissions' => ['read' => ['user:'.$user['$id']], 'write' => ['user:'.$user['$id']]],
+            'userId' => $user->getId(),
            'type' => Auth::TOKEN_TYPE_LOGIN,
            'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
            'expire' => $expiry,
            'userAgent' => $request->getUserAgent('UNKNOWN'),
            'ip' => $request->getIP(),
-
            'osCode' => $osCode,
            'osName' => $osName,
            'osVersion' => $osVersion,
@ -1192,6 +1191,7 @@ App::post('/v1/account/recovery')
        $recovery = new Document([
            '$collection' => Database::SYSTEM_COLLECTION_TOKENS,
            '$permissions' => ['read' => ['user:'.$profile->getId()], 'write' => ['user:'.$profile->getId()]],
+            'userId' => $profile->getId(),
            'type' => Auth::TOKEN_TYPE_RECOVERY,
            'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
            'expire' => \time() + Auth::TOKEN_EXPIRATION_RECOVERY,
@ -1382,6 +1382,7 @@ App::post('/v1/account/verification')
        $verification = new Document([
            '$collection' => Database::SYSTEM_COLLECTION_TOKENS,
            '$permissions' => ['read' => ['user:'.$user->getId()], 'write' => ['user:'.$user->getId()]],
+            'userId' => $user->getId(),
            'type' => Auth::TOKEN_TYPE_VERIFICATION,
            'secret' => Auth::hash($verificationSecret), // One way hash encryption to protect DB leak
            'expire' => \time() + Auth::TOKEN_EXPIRATION_CONFIRM,
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@ -581,6 +581,7 @@ App::patch('/v1/teams/:teamId/memberships/:inviteId/status')
        $session = new Document([
            '$collection' => Database::SYSTEM_COLLECTION_TOKENS,
            '$permissions' => ['read' => ['user:'.$user->getId()], 'write' => ['user:'.$user->getId()]],
+            'userId' => $user->getId(),
            'type' => Auth::TOKEN_TYPE_LOGIN,
            'secret' => Auth::hash($secret), // One way hash encryption to protect DB leak
            'expire' => $expiry,
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@ -170,7 +170,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
     */
    if (null !== $key && $user->isEmpty()) {
        $user = new Document([
-            '$id' => 0,
+            '$id' => '',
            'status' => Auth::USER_STATUS_ACTIVATED,
            'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(),
            'password' => '',
--- a/src/Appwrite/Utopia/Response/Model/Session.php
+++ b/src/Appwrite/Utopia/Response/Model/Session.php
@ -15,6 +15,11 @@ class Session extends Model
                'description' => 'Session ID.',
                'example' => '5e5ea5c16897e',
            ])
+            ->addRule('userId', [
+                'type' => self::TYPE_STRING,
+                'description' => 'User ID.',
+                'example' => '5e5bb8c16897e',
+            ])
            ->addRule('expire', [
                'type' => self::TYPE_INTEGER,
                'description' => 'Session expiration date in Unix timestamp.',
--- a/src/Appwrite/Utopia/Response/Model/Token.php
+++ b/src/Appwrite/Utopia/Response/Model/Token.php
@ -13,7 +13,12 @@ class Token extends Model
            ->addRule('$id', [
                'type' => self::TYPE_STRING,
                'description' => 'Token ID.',
-                'example' => '5e5ea5c16897e',
+                'example' => 'bb8ea5c16897e',
+            ])
+            ->addRule('userId', [
+                'type' => self::TYPE_STRING,
+                'description' => 'User ID.',
+                'example' => '5e5ea5c168bb8',
            ])
            ->addRule('secret', [
                'type' => self::TYPE_STRING,