Fix authentication token generation #176

d8fb1d69 · PavelBegunkov · Artem Konenko · 56ae0abe · d8fb1d69 · d8fb1d69
Commit d8fb1d69 authored 8 years ago by PavelBegunkov Committed by Artem Konenko 8 years ago
--- a/db/migrations/stored/R__functions.sql
+++ b/db/migrations/stored/R__functions.sql
@@ -2240,6 +2240,7 @@ BEGIN
    RETURN ROW_COUNT()-1;
 END//
+-- returns NULL if failed, token otherwise
 DROP FUNCTION IF EXISTS CreateAuthToken//
 CREATE FUNCTION CreateAuthToken(
    pAccountID int(11),
@@ -2247,21 +2248,21 @@ CREATE FUNCTION CreateAuthToken(
 ) RETURNS char(40) charset ascii
 NO SQL
 BEGIN
-    DECLARE vCounter int(11) DEFAULT 666;
+    DECLARE vTries int(11) DEFAULT 13; -- number of tries to generate unique token
    DECLARE vCreated boolean DEFAULT FALSE;
    DECLARE vSeed int(11) DEFAULT FLOOR(4294967296 * RAND(CURRENT_TIMESTAMP ^ LAST_INSERT_ID() ^ (pAccountID << 10)));
    DECLARE vToken char(40) charset ascii DEFAULT SHA1(vSeed);
-    WHILE NOT vCreated AND vCounter > 0 DO BEGIN
+    WHILE NOT vCreated AND vTries > 0 DO BEGIN
        DECLARE CONTINUE HANDLER FOR SQLEXCEPTION SET vCreated = FALSE;
        SET vToken = SHA1(RAND());
-        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
+        SET vTries = vTries - 1;
        SET vCreated = TRUE;
-        SET vCounter = vCounter - 1;
+        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
    END; END WHILE;
-    RETURN IF(vCreated, vToken, '');
+    RETURN IF(vCreated, vToken, NULL);
 END//
 # -------------------------------------------------------------------------------------------

--- a/db/stored/functions.sql
+++ b/db/stored/functions.sql
@@ -2338,6 +2338,7 @@ BEGIN
    RETURN ROW_COUNT()-1;
 END//
+-- returns NULL if failed, token otherwise
 DROP FUNCTION IF EXISTS CreateAuthToken//
 CREATE FUNCTION CreateAuthToken(
    pAccountID int(11),
@@ -2345,21 +2346,21 @@ CREATE FUNCTION CreateAuthToken(
 ) RETURNS char(40) charset ascii
 NO SQL
 BEGIN
-    DECLARE vCounter int(11) DEFAULT 666;
+    DECLARE vTries int(11) DEFAULT 13; -- number of tries to generate unique token
    DECLARE vCreated boolean DEFAULT FALSE;
    DECLARE vSeed int(11) DEFAULT FLOOR(4294967296 * RAND(CURRENT_TIMESTAMP ^ LAST_INSERT_ID() ^ (pAccountID << 10)));
    DECLARE vToken char(40) charset ascii DEFAULT SHA1(vSeed);
-    WHILE NOT vCreated AND vCounter > 0 DO BEGIN
+    WHILE NOT vCreated AND vTries > 0 DO BEGIN
        DECLARE CONTINUE HANDLER FOR SQLEXCEPTION SET vCreated = FALSE;
        SET vToken = SHA1(RAND());
-        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
+        SET vTries = vTries - 1;
        SET vCreated = TRUE;
-        SET vCounter = vCounter - 1;
+        INSERT INTO auth_tokens(Token, AccountID, Mask) VALUES (vToken, pAccountID, pRightMask);
    END; END WHILE;
-    RETURN IF(vCreated, vToken, '');
+    RETURN IF(vCreated, vToken, NULL);
 END//
 DELIMITER ;