Handle handshake rejections on invalid token, reuse not expired tokens

2020-09-19 13:33:18 +02:00
parent f21d077522
commit 3e594c1fbd
2 changed files with 26 additions and 8 deletions
--- a/server/src/main/java/envoy/server/processors/LoginCredentialProcessor.java
+++ b/server/src/main/java/envoy/server/processors/LoginCredentialProcessor.java
@ -122,10 +122,20 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
 		user.setStatus(ONLINE);
 		UserStatusChangeProcessor.updateUserStatus(user);

-		// Generate a new token if requested
+		// Process token request
 		if (credentials.requestToken()) {
-			String token = AuthTokenGenerator.nextToken();
-			user.setAuthToken(token);
+			String token;
+
+			if (user.getAuthToken() != null && user.getAuthTokenExpiration().isAfter(Instant.now())) {
+
+				// Reuse existing token and delay expiration date
+				token = user.getAuthToken();
+			} else {
+
+				// Generate new token
+				token = AuthTokenGenerator.nextToken();
+				user.setAuthToken(token);
+			}
 			user.setAuthTokenExpiration(Instant.now().plus(ServerConfig.getInstance().getAuthTokenExpiration().longValue(), ChronoUnit.DAYS));
 			persistenceManager.updateContact(user);
 			writeProxy.write(socketID, new NewAuthToken(token));