From 6d84ef906e6b9ff344fd7acac3140bdad3d48e78 Mon Sep 17 00:00:00 2001
From: Sebastian Thiel
Date: Fri, 24 Apr 2015 09:37:48 +0200
Subject: [PATCH] fix(token-storage): implement deletion of tokens
Previously this case was entirely uncovered. Interesting note: when a token is revoked, existing auth-tokens will still work. However, you may not refresh them in case permissions have been revoked. It's good as there is only one code-path to deal with (and we verified it to be working), and bad for the user as malicious software can keep using an account for certain time until the token expires.
Fixes #79
---
 src/rust/cli/cmn.rs | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/src/rust/cli/cmn.rs b/src/rust/cli/cmn.rs
index 0cd3d189af..4e6c706689 100644
--- a/src/rust/cli/cmn.rs
+++ b/src/rust/cli/cmn.rs
@@ -173,15 +173,29 @@ impl TokenStorage for JsonTokenStorage {
 // NOTE: logging might be interesting, currently we swallow all errors
 fn set(&mut self, scope_hash: u64, _: &Vec<&str>, token: Option) -> Option {
- let json_token = json::encode(&token).unwrap();
- match fs::OpenOptions::new().create(true).write(true).open(&self.path(scope_hash)) {
- Ok(mut f) => {
- match f.write(json_token.as_bytes()) {
- Ok(_) => None,
- Err(io_err) => Some(io_err),
+ match token {
+ None => {
+ match fs::remove_file(self.path(scope_hash)) {
+ Err(err) =>
+ match err.kind() {
+ io::ErrorKind::NotFound => None,
+ _ => Some(err)
+ },
+ Ok(_) => None
 }
- },
- Err(io_err) => Some(io_err)
+ }
+ Some(token) => {
+ let json_token = json::encode(&token).unwrap();
+ match fs::OpenOptions::new().create(true).write(true).open(&self.path(scope_hash)) {
+ Ok(mut f) => {
+ match f.write(json_token.as_bytes()) {
+ Ok(_) => None,
+ Err(io_err) => Some(io_err),
+ }
+ },
+ Err(io_err) => Some(io_err)
+ }
+ }
 }
 }
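Review bot: In the `Some(token)` arm the token file is opened with `create(true).write(true)` but no `truncate(true)`, so writing a token whose JSON is shorter than what is already on disk leaves stale trailing bytes and the stored file may no longer parse. `f.write(...)` can also return after a partial write. Suggest `fs::OpenOptions::new().create(true).write(true).truncate(true).open(&self.path(scope_hash))` together with `f.write_all(json_token.as_bytes())`. Because this file holds auth tokens, it would also be worth creating it owner-only on Unix (for example via `std::os::unix::fs::OpenOptionsExt::mode(0o600)`) instead of relying on the process umask, and documenting on `set` that `None` only removes the local copy. The enclosing `impl` block starts outside the hunk.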