fix TC usable everywhere

8c634be7 · Gabriel Zachmann · Gabriel Zachmann · e2477e72 · 8c634be7 · 8c634be7
Commit 8c634be7 authored 2 years ago by Gabriel Zachmann Committed by Gabriel Zachmann 2 years ago
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,11 @@
 - Restructured capabilities related to other mytokens
 - Added possibility to obtain history information for children and other tokens (capability)

+### Bugfixes
+
+- Fixed a bug where transfer codes could be used just like a short token (but only while the transfer code did not
+  expire)
+
 ## mytoken 0.6.1

 ### API

--- a/config/example-config.yaml
+++ b/config/example-config.yaml
@@ -165,7 +165,7 @@ features:
  # Support for polling codes that are used by native applications. Only disable this if you have good reasons for it.
  polling_codes:
    enabled: true
-    len: 8 # Default 8, max 64, MUST be different from short_tokens len
+    len: 8 # Default 8, max 30, MUST be different from short_tokens len
    expires_after: 300 # The time in seconds how long a polling code can be used
    polling_interval: 5 # The interval in seconds the native application should wait between two polling attempts


--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/jmoiron/sqlx v1.3.5
 	github.com/lestrrat-go/jwx v1.2.25
-	github.com/oidc-mytoken/api v0.9.2-0.20221205154634-0c914eb8569d
+	github.com/oidc-mytoken/api v0.9.2-0.20221206150536-622279e60417
 	github.com/oidc-mytoken/lib v0.6.2-0.20221125141521-dae7f2a63fc2
 	github.com/oidc-mytoken/utils v0.1.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible

--- a/go.sum
+++ b/go.sum
@@ -375,6 +375,8 @@ github.com/oidc-mytoken/api v0.9.2-0.20221125114557-91c7bae719ca h1:Az8gcUKX98Yh
 github.com/oidc-mytoken/api v0.9.2-0.20221125114557-91c7bae719ca/go.mod h1:DBIlUbaIgGlf607VZx8zFC97VR3WNN0kaMVO1AqyTdE=
 github.com/oidc-mytoken/api v0.9.2-0.20221205154634-0c914eb8569d h1:cAP+SXYJMkiwJhWpj4YCjL5OuJ8+OMaxRW8eDdBh1Cg=
 github.com/oidc-mytoken/api v0.9.2-0.20221205154634-0c914eb8569d/go.mod h1:DBIlUbaIgGlf607VZx8zFC97VR3WNN0kaMVO1AqyTdE=
+github.com/oidc-mytoken/api v0.9.2-0.20221206150536-622279e60417 h1:f3Wb4/6m2TbPq5VEbehpY8NgRWK6Txah0kPAu12VvTs=
+github.com/oidc-mytoken/api v0.9.2-0.20221206150536-622279e60417/go.mod h1:DBIlUbaIgGlf607VZx8zFC97VR3WNN0kaMVO1AqyTdE=
 github.com/oidc-mytoken/lib v0.6.2-0.20221125141521-dae7f2a63fc2 h1:ygQMfCtOGnZxsW7cAhBZCSfGgg3qcfvPVkc2Wq+0L4A=
 github.com/oidc-mytoken/lib v0.6.2-0.20221125141521-dae7f2a63fc2/go.mod h1:U0mC1zWdWKYPekoNTYSQZB5SHFk4fPz+JhfPgWs4TTs=
 github.com/oidc-mytoken/utils v0.1.0 h1:Ia60CYjVzs4X35twdAB1NTXDyYjxe/IWDI/MkcvQHnc=

--- a/internal/endpoints/revocation/revocationEndpoint.go
+++ b/internal/endpoints/revocation/revocationEndpoint.go
@@ -135,7 +135,7 @@ func revokeAnyToken(
 ) (errRes *model.Response) {
 	if jwtutils.IsJWT(token) { // normal Mytoken
 		return revokeMytoken(rlog, tx, token, issuer, recursive)
-	} else if len(token) == config.Get().Features.Polling.Len { // Transfer Code
+	} else if len(token) < api.MinShortTokenLen { // Transfer Code
 		return revokeTransferCode(rlog, tx, token, issuer)
 	} else { // Short Token
 		shortToken := transfercoderepo.ParseShortToken(token)

--- a/internal/mytoken/universalmytoken/universalmytoken.go
+++ b/internal/mytoken/universalmytoken/universalmytoken.go
@@ -3,6 +3,7 @@ package universalmytoken
 import (
 	"encoding/json"

+	"github.com/oidc-mytoken/api/v0"
 	"github.com/oidc-mytoken/utils/utils/jwtutils"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
@@ -39,7 +40,7 @@ func (t *UniversalMytoken) UnmarshalJSON(data []byte) (err error) {

 // Parse parses a mytoken string (that can be a long or short mytoken) into an UniversalMytoken holding the JWT
 func Parse(rlog log.Ext1FieldLogger, token string) (UniversalMytoken, error) {
-	if token == "" {
+	if len(token) < api.MinShortTokenLen {
 		return UniversalMytoken{}, errors.New("token not valid")
 	}
 	if jwtutils.IsJWT(token) {