From 4251e3b5e729f3a3210e7a35263f12a77e77daf3 Mon Sep 17 00:00:00 2001
From: Ivan Diaz
Date: Fri, 16 Nov 2018 19:34:07 -0300
Subject: [PATCH] Fix login with rememberToken
---
 client/src/actions/session-actions.js | 7 +++--
 .../panel/tickets/admin-panel-new-tickets.js | 3 ++-
 client/src/reducers/session-reducer.js | 10 +++----
 server/controllers/system/get-logs.php | 4 ++-
 server/controllers/user/login.php | 27 +++++++++++++++----
 server/libs/Date.php | 4 +++
 server/tests/__mocks__/RedBeanMock.php | 1 +
 server/tests/controllers/user/loginTest.php | 4 ++-
 tests/user/login.rb | 26 ++++++++++++------
 9 files changed, 63 insertions(+), 23 deletions(-)
diff --git a/client/src/actions/session-actions.js b/client/src/actions/session-actions.js
index b99daf1e..90896f28 100644
--- a/client/src/actions/session-actions.js
+++ b/client/src/actions/session-actions.js
@@ -1,3 +1,5 @@
+import _ from 'lodash';
+
 import API from 'lib-app/api-call';
 import AdminDataActions from 'actions/admin-data-actions';
 import sessionStore from 'lib-app/session-store';
@@ -12,7 +14,7 @@ export default {
 let loginCall = () => {
 API.call({
 path: '/user/login',
- data: loginData
+ data: _.extend(loginData, {remember: loginData.remember * 1})
 }).then((result) => {
 store.dispatch(this.getUserData(result.data.userId, result.data.token, result.data.staff)).then(() => {
 if(result.data.staff) {
@@ -48,7 +50,8 @@ export default {
 data: {
 userId: rememberData.userId,
 rememberToken: rememberData.token,
- isAutomatic: true
+ remember: 1,
+ isAutomatic: 1
 }
 }).then((result) => {
 store.dispatch(this.getUserData(result.data.userId, result.data.token));
diff --git a/client/src/app/admin/panel/tickets/admin-panel-new-tickets.js b/client/src/app/admin/panel/tickets/admin-panel-new-tickets.js
index 6955905e..7f0f2ccb 100644
--- a/client/src/app/admin/panel/tickets/admin-panel-new-tickets.js
+++ b/client/src/app/admin/panel/tickets/admin-panel-new-tickets.js
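Review bot: `_.extend(loginData, {remember: loginData.remember * 1})` in the second hunk of session-actions.js mutates the caller's `loginData` object, because lodash's `extend` assigns into its first argument; build the payload on a copy instead, `data: _.extend({}, loginData, {remember: loginData.remember ? 1 : 0})`. The conditional also avoids `undefined * 1`, which evaluates to `NaN` when no remember flag was supplied and, depending on how `API.call` serializes it, may reach the server as the non-empty string "NaN" that PHP treats as truthy, in which case a remember token would be issued for a login that never asked for one. `loginCall`'s body starts and ends outside the hunk.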
@@ -12,13 +12,14 @@ import Message from 'core-components/message';
 class AdminPanelNewTickets extends React.Component {
 static defaultProps = {
+ page: 1,
 userId: 0,
 departments: [],
 tickets: []
 };
 componentDidMount() {
- this.retrieveNewTickets()
+ this.retrieveNewTickets();
 }
 render() {
diff --git a/client/src/reducers/session-reducer.js b/client/src/reducers/session-reducer.js
index 03ad4797..c3e53f64 100644
--- a/client/src/reducers/session-reducer.js
+++ b/client/src/reducers/session-reducer.js
@@ -103,9 +103,9 @@ class SessionReducer extends Reducer {
 onUserDataRetrieved(state, payload) {
 let userData = payload.data;
-
+
 sessionStore.storeUserData(payload.data);
-
+
 return _.extend({}, state, {
 staff: userData.staff,
 userName: userData.name,
@@ -117,11 +117,11 @@ class SessionReducer extends Reducer {
 userSendEmailOnNewTicket: userData.sendEmailOnNewTicket * 1
 });
 }
-
+
 onSessionChecked(state) {
 let userData = sessionStore.getUserData();
 let userId = sessionStore.getSessionData().userId;
-
+
 return _.extend({}, state, {
 initDone: true,
 logged: true,
@@ -144,4 +144,4 @@ class SessionReducer extends Reducer {
 }
 }
-export default SessionReducer.getInstance();
\ No newline at end of file
+export default SessionReducer.getInstance();
diff --git a/server/controllers/system/get-logs.php b/server/controllers/system/get-logs.php
index 3784c4a0..5f006d3a 100755
--- a/server/controllers/system/get-logs.php
+++ b/server/controllers/system/get-logs.php
@@ -50,6 +50,8 @@ class GetLogsController extends Controller {
 $removeOlderThanDays = 31;
 $oldDate = floor(Date::getPreviousDate($removeOlderThanDays) / 10000);
- RedBean::exec("DELETE FROM log WHERE date < $oldDate");
+ try {
+ RedBean::exec("DELETE FROM log WHERE date < $oldDate");
+ } catch(Exception $e) {}
 }
 }
diff --git a/server/controllers/user/login.php b/server/controllers/user/login.php
index 28b5c45d..6b289775 100755
--- a/server/controllers/user/login.php
+++ b/server/controllers/user/login.php
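Review bot: The empty `catch(Exception $e) {}` around the new `RedBean::exec` in get-logs.php discards every database failure, so a broken retention cleanup would go unnoticed indefinitely; the same pattern appears in `clearOldRememberTokens()` in the login.php hunk, where the silently failing statement is the one that removes expired remember tokens. If the intent is best-effort cleanup that must not fail the request, say so and record the failure, e.g. `} catch(Exception $e) { /* best-effort log retention; never fail the request */ error_log('log cleanup failed: ' . $e->getMessage()); }` (or the project's own logger). `$oldDate` is computed server-side from `Date::getPreviousDate`, so interpolating it into the SQL is not an injection concern here, but a one-line comment saying that would stop the string-built query from being copied with request values later. The enclosing method starts outside the hunk.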
@@ -1,4 +1,5 @@ clearOldRememberTokens(); + if ($this->checkInputCredentials() || $this->checkRememberToken()) { if($this->userInstance->verificationToken !== null) { throw new Exception(ERRORS::UNVERIFIED_USER);
@@ -66,7 +70,7 @@ class LoginController extends Controller {
 }
 $this->createUserSession();
- $this->createSessionCookie();
+ $this->createRememberToken();
 if(Controller::request('staff')) {
 $this->userInstance->lastLogin = Date::getCurrentDate();
 $this->userInstance->store();
@@ -106,7 +110,8 @@ class LoginController extends Controller {
 'userEmail' => $userInstance->email,
 'staff' => Controller::request('staff'),
 'token' => Session::getInstance()->getToken(),
- 'rememberToken' => $this->rememberToken
+ 'rememberToken' => $this->rememberToken,
+ 'rememberExpiration' => $this->rememberExpiration
 );
 }
@@ -138,18 +143,30 @@ class LoginController extends Controller {
 return $userInstance;
 }
- private function createSessionCookie() {
- $remember = Controller::request('remember');
+ private function clearOldRememberTokens() {
+ $currentDate = Date::getCurrentDate();
+
+ try {
+ RedBean::exec("DELETE FROM sessioncookie WHERE expiration_date < $currentDate");
+ } catch(Exception $e) {}
+ }
+
+ private function createRememberToken() {
+ $remember = Controller::request('remember');
+
 if ($remember) {
 $this->rememberToken = Hashing::generateRandomToken();
+ $this->rememberExpiration = Date::getNextDate(30);
 $sessionCookie = new SessionCookie();
 $sessionCookie->setProperties(array(
 'user' => $this->userInstance,
 'token' => $this->rememberToken,
 'ip' => $_SERVER['REMOTE_ADDR'],
- 'creationDate' => date('d-m-Y (H:i:s)')
+ 'creationDate' => Date::getCurrentDate(),
+ 'expirationDate' => $this->rememberExpiration
 ));
+ $sessionCookie->store();
 }
 }
diff --git a/server/libs/Date.php b/server/libs/Date.php
index 7705ce7e..da033024 100755
--- a/server/libs/Date.php
+++ b/server/libs/Date.php
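Review bot: In the last hunk of login.php, remember-token expiry is enforced only indirectly, by `clearOldRememberTokens()` deleting rows whose `expiration_date` has passed before the credentials are checked; unless `checkRememberToken()` (outside this hunk) also compares the matched row's `expirationDate` with `Date::getCurrentDate()`, an expired token keeps working whenever that DELETE fails or is skipped, which the swallowed exception makes invisible. Add the comparison in `checkRememberToken()` so the lifetime holds on its own and the cleanup is merely housekeeping. Nothing in this hunk invalidates the remember token that was just used to log in, while the client now sends `remember: 1` on automatic logins and so mints a fresh 30-day token each time; if the consumed token is not removed elsewhere, each device accumulates valid tokens. The literal 30 in `Date::getNextDate(30)` defines the lifetime of a persistent credential and deserves a named constant or at least `// remember tokens are valid for 30 days`. The file's first hunk (`@@ -1,4 +1,5 @@`) is garbled in this rendering, so where the `clearOldRememberTokens()` call lands relative to the credential checks cannot be fully confirmed here.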
@@ -7,4 +7,8 @@ class Date {
 public static function getPreviousDate($days = 1) {
 return date('YmdHi', strtotime(" -$days day "));
 }
+
+ public static function getNextDate($days = 1) {
+ return date('YmdHi', strtotime(" +$days day "));
+ }
 }
diff --git a/server/tests/__mocks__/RedBeanMock.php b/server/tests/__mocks__/RedBeanMock.php
index 1abb5f50..4fe832bc 100755
--- a/server/tests/__mocks__/RedBeanMock.php
+++ b/server/tests/__mocks__/RedBeanMock.php
@@ -10,6 +10,7 @@ namespace RedBeanPHP {
 self::setStatics(array(
 'trash' => parent::stub(),
 'store' => parent::stub(),
+ 'exec' => parent::stub(),
 'dispense' => parent::stub()->returns(new \BeanMock())
 ));
 }
diff --git a/server/tests/controllers/user/loginTest.php b/server/tests/controllers/user/loginTest.php
index 0cca2e80..035aaa70 100755
--- a/server/tests/controllers/user/loginTest.php
+++ b/server/tests/controllers/user/loginTest.php
@@ -8,6 +8,7 @@ include_once 'tests/__mocks__/SessionMock.php';
 include_once 'tests/__mocks__/UserMock.php';
 include_once 'tests/__mocks__/HashingMock.php';
 include_once 'tests/__mocks__/SessionCookieMock.php';
+include_once 'tests/__mocks__/RedBeanMock.php';
 include_once 'data/ERRORS.php';
 use PHPUnit\Framework\TestCase;
@@ -43,7 +44,8 @@ class LoginControllerTest extends TestCase {
 'userEmail' => 'MOCK_EMAIL',
 'staff' => false,
 'token' => 'TEST_TOKEN',
- 'rememberToken' => null
+ 'rememberToken' => null,
+ 'rememberExpiration' => Date::getNextDate(30)
 )));
 }
diff --git a/tests/user/login.rb b/tests/user/login.rb
index 0dc60c4a..e3d09c9e 100644
--- a/tests/user/login.rb
+++ b/tests/user/login.rb
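Review bot: `getNextDate()` in Date.php has no docblock, and neither it nor `getPreviousDate()` states the shape of the returned value, which matters now that login.php stores it as a token expiry and compares it numerically in `expiration_date < $currentDate`. Add `/** Current time plus $days days as a 'YmdHi' string (minute resolution); $days is interpolated unquoted into the strtotime expression and must be an integer. */` above the method. The method is complete within the hunk.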
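Review bot: The expected `'rememberExpiration' => Date::getNextDate(30)` in the second loginTest.php hunk is recomputed inside the test, and `getNextDate` only has minute resolution, so the assertion fails whenever the controller call and the expectation straddle a minute boundary. Either stub `Date` in the test (a mock like the existing HashingMock/SessionMock includes) or assert that the key is present and formatted as expected rather than equal to a freshly computed value. The test method starts outside the hunk.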
@@ -44,28 +44,38 @@ describe '/user/login' do
 (result['data']['staff']).should.equal('true')
 end
- it 'should return remember token' do
+ it 'should work with remember token' do
 request('/user/logout', {})
 result = request('/user/login', {
 email: @loginEmail,
 password: @loginPass,
- remember: true
+ remember: 1
 })
 (result['status']).should.equal('success')
 @rememberToken = result['data']['rememberToken']
- @userid = result['data']['userId']
- end
+ @userId = result['data']['userId']
- it 'should login with token' do
 request('/user/logout', {})
 result = request('/user/login', {
- rememberToken: @rememberToken,
- userId: @userid
+ userId: @userId,
+ rememberToken: '12abc',
+ remember: 1
 })
+ (result['status']).should.equal('fail')
+ result = request('/user/login', {
+ userId: 1,
+ rememberToken: @rememberToken,
+ remember: 1
+ })
+ (result['status']).should.equal('fail')
+ result = request('/user/login', {
+ userId: @userId,
+ rememberToken: @rememberToken,
+ remember: 1
+ })
 (result['status']).should.equal('success')
- (result['data']['userId']).should.equal(@userid)
 end
 end
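Review bot: The rewritten test removes the old `(result['data']['userId']).should.equal(@userid)` check after the successful remember-token login, so a login that succeeds but binds the session to a different user would now pass; add `(result['data']['userId']).should.equal(@userId)` back after the final `should.equal('success')`. The "wrong user" case sends the literal `userId: 1`, which only proves anything if `@userId` is not 1 — the fixture's id is not visible here, so if it can be 1 the request should use an id known not to exist. The `it` block is complete within the hunk.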