OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-07 20:12:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(token-storage): implement deletion of tokens

Browse Source 
Previously this case was entirely uncovered.
Interesting note: when a token is revoked, existing auth-tokens will
still work. However, you may not refresh them in case permissions
have been revoked. It's good as there is only one code-path to deal
with (and we verified it to be working), and bad for the user as
malicious software can keep using an account for certain time until
the token expires.

Fixes #79
This commit is contained in:
Sebastian Thiel
2015-04-24 09:37:48 +02:00
parent e523ddb6ec
commit 6d84ef906e
1 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/rust/cli/cmn.rs
View File

@@ -173,15 +173,29 @@ impl TokenStorage for JsonTokenStorage {
// NOTE: logging might be interesting, currently we swallow all errors
fn set(&mut self, scope_hash: u64, _: &Vec<&str>, token: Option<Token>) -> Option<io::Error> {
let json_token = json::encode(&token).unwrap();
match fs::OpenOptions::new().create(true).write(true).open(&self.path(scope_hash)) {
Ok(mut f) => {
match f.write(json_token.as_bytes()) {
Ok(_) => None,
Err(io_err) => Some(io_err),
match token {
None => {
match fs::remove_file(self.path(scope_hash)) {
Err(err) =>
match err.kind() {
io::ErrorKind::NotFound => None,
_ => Some(err)
},
Ok(_) => None
}
},
Err(io_err) => Some(io_err)
}
Some(token) => {
let json_token = json::encode(&token).unwrap();
match fs::OpenOptions::new().create(true).write(true).open(&self.path(scope_hash)) {
Ok(mut f) => {
match f.write(json_token.as_bytes()) {
Ok(_) => None,
Err(io_err) => Some(io_err),
}
},
Err(io_err) => Some(io_err)
}
}
}
}