fix: clear throttle on verify

sentiens · sentiens · commit 92e295ee7e1a · 2019-06-06T16:28:43.000+03:00
diff --git a/src/backends/redis/lua/msTokenCreate.lua b/src/backends/redis/lua/msTokenCreate.lua
@@ -45,7 +45,12 @@ if throttle > 0 then
 end
 
 local function insertToken(key, encoded)
-  redis.call("HMSET", key, "id", id, "action", action, "uid", uid, "secret", secret, "created", created, "settings", secretSettings, "metadata", metadata, "related", encoded);
+  redis.call(
+    "HMSET", key,
+    "id", id, "action", action, "uid", uid, "secret", secret, "created", created,
+    "settings", secretSettings, "metadata", metadata, "related", encoded,
+    "throttleKey", throttleKey -- needed later to delete throttle lock on success verification
+  );
   -- put ttl if required
   if ttl > 0 then
     redis.call("EXPIRE", key, ttl);
diff --git a/src/backends/redis/lua/msVerifyToken.lua b/src/backends/redis/lua/msVerifyToken.lua
@@ -2,6 +2,10 @@ local secretKey = KEYS[1];
 local timeVerified = ARGV[1];
 local erase = ARGV[2];
 
+local function isempty(s)
+  return s == false or s == nil or s == '';
+end
+
 if redis.call('exists', secretKey) ~= 1 then
   return redis.error_reply("404");
 end
@@ -19,7 +23,14 @@ if isFirstVerification == 1 or erase == 'true' then
 
   -- if we have erase, we don't need to write anything
   if erase == 'true' then
+    local throttleKey = redis.call('hget', secretKey, 'throttleKey');
+
     redis.call('del', unpack(related));
+
+    -- delete throttle lock
+    if not isempty(throttleKey) then
+      redis.call("DEL", throttleKey);
+    end
   else
     -- otherwise we need to attach xtra data
     for i,key in ipairs(related) do
diff --git a/src/backends/redis/redis.js b/src/backends/redis/redis.js
@@ -40,6 +40,7 @@ class RedisBackend {
     created: Number,
     verified: Number,
     isFirstVerification: Boolean,
+    throttleKey: String,
   };
 
   // static instance of error
diff --git a/test/integration.js b/test/integration.js
@@ -456,6 +456,20 @@ describe('TokenManager', () => {
         });
       });
 
+      it('completes challenge, clears lock by default', async () => {
+        const createOpts = {
+          id: ID,
+          action: ACTION,
+          ttl: 3,
+          throttle: 1,
+        };
+
+        const result = await manager.create(createOpts);
+        await manager.verify(result.secret);
+
+        await assert.doesNotReject(() => manager.create(createOpts));
+      });
+
       it('completes challenge with unencrypted secret', async () => {
         const result = await manager.create({
           id: ID,
