From 23fa412a1845f91fd166dcab090f060be61bcec8 Mon Sep 17 00:00:00 2001
From: Neil Schark <neil.schark@h-da.de>
Date: Thu, 25 Jul 2024 14:42:45 +0000
Subject: [PATCH] Check amount of tokens of user
---
 controller/controller.go | 9 ++++++---
 controller/northbound/server/auth.go | 5 ++++-
 integration-tests/application_tests/application_test.go | 8 ++++----
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/controller/controller.go b/controller/controller.go
index 3be1d6671..dcd8e0676 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -447,6 +447,7 @@ func ensureDefaultUserExists() error {
 }
 
 func deletAllExpiredUserTokens() error {
+ var usersToUpdate []rbac.User
 // Temporarly create JWT manager just to evaluate tokens here
 jwtManager := rbacImpl.NewJWTManager(config.JWTSecret, config.JWTDuration)
 
@@ -454,7 +455,8 @@ func deletAllExpiredUserTokens() error {
 if err != nil {
 return fmt.Errorf("error getting all users while deleting expires user tokens: %w", err)
 }
- for i, user := range users {
+
+ for _, user := range users {
 tokens := user.GetTokens()
 for _, token := range tokens {
 claims, err := jwtManager.GetClaimsFromToken(token)
@@ -462,15 +464,16 @@ func deletAllExpiredUserTokens() error {
 return fmt.Errorf("error getting claims from token while deleting expired user tokens: %w", err)
 }
 if claims.ExpiresAt < time.Now().Unix() {
- err := users[i].RemoveToken(token)
+ err := user.RemoveToken(token)
 if err != nil {
 return fmt.Errorf("error removing token while deleting expired user tokens: %w", err)
 }
+ usersToUpdate = append(usersToUpdate, user)
 }
 }
 }
 
- for _, user := range users {
+ for _, user := range usersToUpdate {
 err := c.userService.Update(user)
 if err != nil {
 return fmt.Errorf("error updating user while deleting expired user tokens: %w", err)
diff --git a/controller/northbound/server/auth.go b/controller/northbound/server/auth.go
index 9924e5da4..77477e3fb 100644
--- a/controller/northbound/server/auth.go
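Review bot: A user holding several expired tokens is appended to `usersToUpdate` once per token, because the new `usersToUpdate = append(usersToUpdate, user)` line sits inside the token loop, so `c.userService.Update` is then called repeatedly for the same user. Track whether anything was removed per user and append once after the inner loop; hoisting `time.Now().Unix()` out of the loops also gives every token the same cutoff instant. Two further points are worth confirming rather than asserting from the hunk: if `GetClaimsFromToken` itself rejects an expired token with an error, the early `return` on that error aborts the whole sweep before any removal happens, and if `GetTokens()` hands back the live backing slice, calling `RemoveToken` while ranging over it can skip entries. `deletAllExpiredUserTokens` begins in the first hunk of this file and its closing lines lie outside the last one.
```go
	now := time.Now().Unix()
	for _, user := range users {
		removed := false
		for _, token := range user.GetTokens() {
			// … unchanged: claims lookup and its error return …
			if claims.ExpiresAt < now {
				if err := user.RemoveToken(token); err != nil {
					return fmt.Errorf("error removing token while deleting expired user tokens: %w", err)
				}
				removed = true
			}
		}
		if removed {
			usersToUpdate = append(usersToUpdate, user)
		}
	}
	// … unchanged: Update loop over usersToUpdate …
```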
+++ b/controller/northbound/server/auth.go
@@ -7,6 +7,7 @@ import (
 "time"
 
 apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
+ "code.fbi.h-da.de/danet/gosdn/controller/config"
 rbacInterfaces "code.fbi.h-da.de/danet/gosdn/controller/interfaces/rbac"
 "code.fbi.h-da.de/danet/gosdn/controller/metrics"
 "code.fbi.h-da.de/danet/gosdn/controller/rbac"
@@ -93,7 +94,9 @@ func (s AuthServer) Login(ctx context.Context, request *apb.LoginRequest) (*apb.
 }
 
 userToUpdate.AddToken(token)
-
+ for len(userToUpdate.GetTokens()) > config.MaxTokensPerUser {
+ userToUpdate.RemoveToken(userToUpdate.GetTokens()[0])
+ }
 err = s.userService.Update(userToUpdate)
 if err != nil {
 return nil, err
diff --git a/integration-tests/application_tests/application_test.go b/integration-tests/application_tests/application_test.go
index d5b69ae22..9b3797a55 100644
--- a/integration-tests/application_tests/application_test.go
+++ b/integration-tests/application_tests/application_test.go
@@ -100,10 +100,10 @@ func TestMain(m *testing.M) {
 
 // a user and role and update the user because of the login. After then only logins are done, no user and role creations.
 // This means that this will block after trying once, because of the three attempts to read from eventChannels.
- _ = <-application.addEventChannel
- _ = <-application.addEventChannel
- _ = <-application.addEventChannel
- _ = <-application.updateEventChannel
+ <-application.addEventChannel
+ <-application.addEventChannel
+ <-application.addEventChannel
+ <-application.updateEventChannel
 
 m.Run()
 }
-- 
GitLab
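Review bot: The result of `userToUpdate.RemoveToken(userToUpdate.GetTokens()[0])` in the new eviction loop is discarded while the loop condition only re-reads `len(userToUpdate.GetTokens())`; since `RemoveToken` returns an error elsewhere in this patch (`err := user.RemoveToken(token)` in controller.go), a removal that fails without shrinking the list leaves `Login` spinning forever, turning one bad user record into a denial of service on the login endpoint. Check the error and bail out: `if err := userToUpdate.RemoveToken(userToUpdate.GetTokens()[0]); err != nil {` / `return nil, err` / `}`. Evicting index 0 presumes `GetTokens()` returns tokens in insertion order so that the oldest session is the one dropped; if that ordering is guaranteed, a comment such as `// Cap stored tokens per user; the oldest token is evicted first, ending that session.` would make the intent explicit. Note also that when `config.MaxTokensPerUser` is zero or negative the just-added token is evicted too, so the caller receives a token the stored user record no longer holds. `Login` starts and ends outside this hunk.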