From d8fb1d69374c8ff1f19c674ffceada4b4e5cb00c Mon Sep 17 00:00:00 2001
From: PavelBegunkov <asml.silence@gmail.com>
Date: Mon, 31 Oct 2016 16:45:37 +0300
Subject: [PATCH] Fix authentication token generation #176

---
 db/migrations/stored/R__functions.sql | 13 +++++++------
 db/stored/functions.sql               | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/db/migrations/stored/R__functions.sql b/db/migrations/stored/R__functions.sql
index 4df232da3..970c18239 100644
--- a/db/migrations/stored/R__functions.sql
+++ b/db/migrations/stored/R__functions.sql
@@ -2240,6 +2240,7 @@ BEGIN
     RETURN ROW_COUNT()-1;
 END//
 
+-- returns NULL if failed, token otherwise
 DROP FUNCTION IF EXISTS CreateAuthToken//
 CREATE FUNCTION CreateAuthToken(
     pAccountID int(11),
@@ -2247,21 +2248,21 @@ CREATE FUNCTION CreateAuthToken(
 ) RETURNS char(40) charset ascii
 NO SQL
 BEGIN
-    DECLARE vCounter int(11) DEFAULT 666;
+    DECLARE vTries int(11) DEFAULT 13; -- number of tries to generate unique token
     DECLARE vCreated boolean DEFAULT FALSE;
     DECLARE vSeed int(11) DEFAULT FLOOR(4294967296 * RAND(CURRENT_TIMESTAMP ^ LAST_INSERT_ID() ^ (pAccountID << 10)));
     DECLARE vToken char(40) charset ascii DEFAULT SHA1(vSeed);
 
-    WHILE NOT vCreated AND vCounter > 0 DO BEGIN
+    WHILE NOT vCreated AND vTries > 0 DO BEGIN
         DECLARE CONTINUE HANDLER FOR SQLEXCEPTION SET vCreated = FALSE;
         SET vToken = SHA1(RAND());
-        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
-
+        SET vTries = vTries - 1;
         SET vCreated = TRUE;
-        SET vCounter = vCounter - 1;
+        
+        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
     END; END WHILE;
 
-    RETURN IF(vCreated, vToken, '');
+    RETURN IF(vCreated, vToken, NULL);
 END//
 
 # -------------------------------------------------------------------------------------------
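Review bot: The token inserted into auth_tokens is still produced by `SET vToken = SHA1(RAND());` in the retry loop. MySQL's RAND() is not a cryptographic generator and hashing its output adds no entropy, so the authentication token may be guessable. If the target server provides it, take the token from the CSPRNG instead, for example `SET vToken = LOWER(HEX(RANDOM_BYTES(20)));`, which keeps the 40-character lowercase hex format. The `vSeed` declaration and the `DEFAULT SHA1(vSeed)` initial value look unused, since the loop overwrites vToken before the first INSERT, and could be removed. The same lines appear in the db/stored/functions.sql hunk, and the function's parameter list starts outside this hunk.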
diff --git a/db/stored/functions.sql b/db/stored/functions.sql
index 76f508ce0..2bd240f3b 100644
--- a/db/stored/functions.sql
+++ b/db/stored/functions.sql
@@ -2338,6 +2338,7 @@ BEGIN
     RETURN ROW_COUNT()-1;
 END//
 
+-- returns NULL if failed, token otherwise
 DROP FUNCTION IF EXISTS CreateAuthToken//
 CREATE FUNCTION CreateAuthToken(
     pAccountID int(11),
@@ -2345,21 +2346,21 @@ CREATE FUNCTION CreateAuthToken(
 ) RETURNS char(40) charset ascii
 NO SQL
 BEGIN
-    DECLARE vCounter int(11) DEFAULT 666;
+    DECLARE vTries int(11) DEFAULT 13; -- number of tries to generate unique token
     DECLARE vCreated boolean DEFAULT FALSE;
     DECLARE vSeed int(11) DEFAULT FLOOR(4294967296 * RAND(CURRENT_TIMESTAMP ^ LAST_INSERT_ID() ^ (pAccountID << 10)));
     DECLARE vToken char(40) charset ascii DEFAULT SHA1(vSeed);
 
-    WHILE NOT vCreated AND vCounter > 0 DO BEGIN
+    WHILE NOT vCreated AND vTries > 0 DO BEGIN
         DECLARE CONTINUE HANDLER FOR SQLEXCEPTION SET vCreated = FALSE;
         SET vToken = SHA1(RAND());
-        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
-
+        SET vTries = vTries - 1;
         SET vCreated = TRUE;
-        SET vCounter = vCounter - 1;
+        
+        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
     END; END WHILE;
 
-    RETURN IF(vCreated, vToken, '');
+    RETURN IF(vCreated, vToken, NULL);
 END//
 
 DELIMITER ;
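Review bot: The `DECLARE CONTINUE HANDLER FOR SQLEXCEPTION` inside the loop treats every INSERT failure as a token collision. An error unrelated to uniqueness (an invalid AccountID, for instance) is therefore retried 13 times and then surfaces only as a NULL return. Assuming the retry is meant for a unique-key violation on Token, narrowing it to `DECLARE CONTINUE HANDLER FOR 1062 SET vCreated = FALSE;` keeps the retry and lets other errors propagate to the caller. The routine is also declared `NO SQL` although it executes an INSERT; `MODIFIES SQL DATA` would describe it accurately. Both points apply equally to the db/migrations/stored/R__functions.sql hunk, and the function header starts outside this hunk.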
-- 
GitLab