diff --git a/lib/Database.php b/lib/Database.php
index 366d84d0..7c61aff2 100644
--- a/lib/Database.php
+++ b/lib/Database.php
@@ -440,7 +440,7 @@ class Database {
 /** Look up data associated with a token */
 public function tokenLookup(string $class, string $id): array {
- $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and expires > CURRENT_TIMESTAMP", "str", "str")->run($class, $id)->getRow();
+ $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and (expires is null or expires > CURRENT_TIMESTAMP)", "str", "str")->run($class, $id)->getRow();
 if (!$out) {
 throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "token", 'id' => $id]);
 }
diff --git a/tests/cases/Database/SeriesToken.php b/tests/cases/Database/SeriesToken.php
index ef223dff..028689d7 100644
--- a/tests/cases/Database/SeriesToken.php
+++ b/tests/cases/Database/SeriesToken.php
@@ -60,8 +60,14 @@ trait SeriesToken {
 'class' => "class.class",
 'user' => "john.doe@example.com"
 ];
+ $exp3 = [
+ 'id' => "ab3b3eb8a13311e78667001e673b2560",
+ 'class' => "class.class",
+ 'user' => "jane.doe@example.com"
+ ];
 $this->assertArraySubset($exp1, Arsse::$db->tokenLookup("fever.login", "80fa94c1a11f11e78667001e673b2560"));
 $this->assertArraySubset($exp2, Arsse::$db->tokenLookup("class.class", "da772f8fa13c11e78667001e673b2560"));
+ $this->assertArraySubset($exp3, Arsse::$db->tokenLookup("class.class", "ab3b3eb8a13311e78667001e673b2560"));
 // token lookup should not check authorization
 Phake::when(Arsse::$user)->authorize->thenReturn(false);
 $this->assertArraySubset($exp1, Arsse::$db->tokenLookup("fever.login", "80fa94c1a11f11e78667001e673b2560"));
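Review bot: The widened condition `(expires is null or expires > CURRENT_TIMESTAMP)` makes a null expiry mean "valid indefinitely", but the docblock on tokenLookup still says only "Look up data associated with a token", so that contract is undocumented. I would extend it to something like `/** Look up data associated with a token; a token with a null expiry never expires and stays valid until it is deleted */`. Because a null now grants permanent validity, it is worth confirming that the token-creation code (outside this hunk) can store null only when a caller explicitly asks for a non-expiring token, and never as the result of a missing or unparsable date. The body of tokenLookup continues past the end of the hunk.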
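Review bot: The added `$exp3` assertion covers only the accepting side of the new `expires is null or ...` condition; nothing visible in this hunk asserts that a token whose expiry is in the past is still rejected. Since the query was loosened with an `or`, a companion case that looks up an already-expired fixture token and expects `Db\ExceptionInput` would guard against a later precedence or parenthesis mistake silently accepting expired tokens. Such a case may already exist elsewhere in the trait, and the fixture row for `ab3b3eb8a13311e78667001e673b2560` is not shown here, so I am assuming it has a null expiry. I would also add a short comment above the new assertion, e.g. `// tokens without an expiry date never expire`, so the reason for the third lookup is clear. The test method starts before and ends after this hunk.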