#843 api tokens extended if login again when valid

2022-08-03 21:26:12 +01:00
parent 37af50513d
commit d57db8b1db
1 changed files with 5 additions and 1 deletions
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -123,10 +123,14 @@ post '/login' => sub {
        $user->update({ last_on => \'now()' });

        if ($api) {
+            # from the internals of Dancer::Plugin::Auth::Extensible
+            my $provider = Dancer::Plugin::Auth::Extensible::auth_provider('users');
            header('Content-Type' => 'application/json');
+            # if there's a current valid token then reissue it and reset timer
            $user->update({
              token_from => time,
-              token => \'md5(random()::text)',
+              ($provider->validate_api_token($user->token)
+                ? () : (token => \'md5(random()::text)')),
            })->discard_changes();
            return to_json { api_key => $user->token };
        }