feat(devices): Add ability to associate a device record with a refesh token.

Author: rfk

db-server/index.js

@@ -92,6 +92,7 @@ function createServer(db) {
     'passCode',
     'recoveryKeyId',
     'sessionTokenId',
+    'refreshTokenId',
     'tokenId',
     'tokenVerificationId',
     'uid',

db-server/test/backend/db_tests.js

@@ -580,8 +580,8 @@ module.exports = function(cfg, makeServer) {
     it(
       'device handling',
       () => {
-        var user = fake.newUserDataHex()
-        var zombieUser = fake.newUserDataHex()
+        const user = fake.newUserDataHex()
+        const zombieUser = fake.newUserDataHex()
         return client.getThen('/account/' + user.accountId + '/devices')
           .then(function(r) {
             respOk(r)
@@ -606,10 +606,11 @@ module.exports = function(cfg, makeServer) {
             respOk(r)
             var devices = r.obj
             assert.equal(devices.length, 1, 'devices contains one item')
-            assert.equal(Object.keys(devices[0]).length, 18, 'device has eighteen properties')
+            assert.equal(Object.keys(devices[0]).length, 19, 'device has nineteen properties')
             assert.equal(devices[0].uid, user.accountId, 'uid is correct')
             assert.equal(devices[0].id, user.deviceId, 'id is correct')
             assert.equal(devices[0].sessionTokenId, user.sessionTokenId, 'sessionTokenId is correct')
+            assert.equal(devices[0].refreshTokenId, null, 'refreshTokenId is correct')
             assert.equal(devices[0].createdAt, user.device.createdAt, 'createdAt is correct')
             assert.equal(devices[0].name, user.device.name, 'name is correct')
             assert.equal(devices[0].type, user.device.type, 'type is correct')
@@ -735,11 +736,75 @@ module.exports = function(cfg, makeServer) {
             assert.equal(devices.length, 1, 'devices contains one item again')
             assert.equal(devices[0].name, '4a6f686e', 'name was not automagically bufferized')
 
+            return client.putThen('/account/' + user.accountId + '/device/' + user.oauthDeviceId, user.oauthDevice)
+          })
+          .then(function (r) {
+            return client.getThen('/account/' + user.accountId + '/devices')
+          })
+          .then(function (r) {
+            respOk(r)
+            var devices = r.obj
+            assert.equal(devices.length, 2, 'devices now contains two items')
+            const sessionDevice = devices.find(d => d.sessionTokenId)
+            const oauthDevice = devices.find(d => d.refreshTokenId)
+
+            assert.equal(sessionDevice.uid, user.accountId, 'uid is correct')
+            assert.equal(sessionDevice.sessionTokenId, user.sessionTokenId, 'sessionTokenId is correct')
+            assert.equal(sessionDevice.refreshTokenId, null, 'refreshTokenId is correct')
+
+            assert.equal(Object.keys(oauthDevice).length, 19, 'device has nineteen properties')
+            assert.equal(oauthDevice.uid, user.accountId, 'uid is correct')
+            assert.equal(oauthDevice.id, user.oauthDeviceId, 'id is correct')
+            assert.equal(oauthDevice.sessionTokenId, null, 'sessionTokenId is correct')
+            assert.equal(oauthDevice.refreshTokenId, user.refreshTokenId, 'refreshTokenId is correct')
+            assert.equal(oauthDevice.createdAt, user.oauthDevice.createdAt, 'createdAt is correct')
+            assert.equal(oauthDevice.name, user.oauthDevice.name, 'name is correct')
+            assert.equal(oauthDevice.type, user.oauthDevice.type, 'type is correct')
+            assert.equal(oauthDevice.callbackURL, user.oauthDevice.callbackURL, 'callbackURL is correct')
+            assert.equal(oauthDevice.callbackPublicKey, user.oauthDevice.callbackPublicKey, 'callbackPublicKey is correct')
+            assert.equal(oauthDevice.callbackAuthKey, user.oauthDevice.callbackAuthKey, 'callbackAuthKey is correct')
+            assert.equal(oauthDevice.callbackIsExpired, user.oauthDevice.callbackIsExpired, 'callbackIsExpired is correct')
+            assert.deepEqual(oauthDevice.availableCommands, {}, 'availableCommands is correct')
+            assert.equal(oauthDevice.uaBrowser, null, 'uaBrowser is correct')
+            assert.equal(oauthDevice.uaBrowserVersion, null, 'uaBrowserVersion is correct')
+            assert.equal(oauthDevice.uaOS, null, 'uaOS is correct')
+            assert.equal(oauthDevice.uaOSVersion, null, 'uaOSVersion is correct')
+            assert.equal(oauthDevice.uaDeviceType, null, 'uaDeviceType is correct')
+            assert.equal(oauthDevice.uaFormFactor, null, 'uaFormFactor is correct')
+            assert.equal(oauthDevice.lastAccessTime, null, 'lastAccessTime is correct')
+
+            return client.postThen('/account/' + user.accountId + '/device/' + oauthDevice.id + '/update', {
+              name: 'a new device name'
+            })
+          })
+          .then(function (r) {
+            return client.getThen('/account/' + user.accountId + '/devices')
+          })
+          .then(function (r) {
+            respOk(r)
+            var devices = r.obj
+            assert.equal(devices.length, 2, 'devices still contains two items')
+            const sessionDevice = devices.find(d => d.sessionTokenId)
+            const oauthDevice = devices.find(d => d.refreshTokenId)
+
+            assert.equal(sessionDevice.sessionTokenId, user.sessionTokenId, 'sessionTokenId is correct')
+            assert.equal(sessionDevice.refreshTokenId, null, 'refreshTokenId is correct')
+
+            assert.equal(oauthDevice.sessionTokenId, null, 'sessionTokenId is correct')
+            assert.equal(oauthDevice.refreshTokenId, oauthDevice.refreshTokenId, 'refreshTokenId is correct')
+            assert.equal(oauthDevice.name, 'a new device name', 'name is correct')
+
+            return client.delThen('/account/' + user.accountId + '/device/' + user.oauthDeviceId)
+          })
+          .then(function (r) {
+            respOk(r)
+            assert.deepEqual(r.obj, { sessionTokenId: null, refreshTokenId: user.refreshTokenId })
+
             return client.delThen('/account/' + user.accountId + '/device/' + user.deviceId)
           })
           .then(function(r) {
             respOk(r)
-            assert.deepEqual(r.obj, { sessionTokenId: user.sessionTokenId })
+            assert.deepEqual(r.obj, { sessionTokenId: user.sessionTokenId, refreshTokenId: null })
             return client.getThen('/account/' + user.accountId + '/devices')
           })
           .then(function(r) {

db-server/test/backend/remote.js

@@ -69,14 +69,30 @@ module.exports.newUserDataHex = function() {
   data.device = {
     uid: data.accountId,
     sessionTokenId: data.sessionTokenId,
+    refreshTokenId: null,
     createdAt: Date.now(),
     name: 'fake device name',
     type: 'fake device type',
     callbackURL: 'fake callback URL',
     callbackPublicKey: base64_65(),
     callbackAuthKey: base64_16(),
-    callbackIsExpired: false,
-    capabilities: ['messages']
+    callbackIsExpired: false
+  }
+
+  // oauth device
+  data.refreshTokenId = hex32()
+  data.oauthDeviceId = hex16()
+  data.oauthDevice = {
+    uid: data.accountId,
+    sessionTokenId: null,
+    refreshTokenId: data.refreshTokenId,
+    createdAt: Date.now(),
+    name: 'fake oauth device name',
+    type: 'oauth device',
+    callbackURL: 'fake oauth callback URL',
+    callbackPublicKey: base64_65(),
+    callbackAuthKey: base64_16(),
+    callbackIsExpired: false
   }
 
   // keyFetchToken

db-server/test/fake.js

@@ -28,9 +28,11 @@ var signinCodes = {}
 const totpTokens = {}
 const recoveryCodes = {}
 const recoveryKeys = {}
+const devicesByRefreshTokenId = {}
 
 var DEVICE_FIELDS = [
   'sessionTokenId',
+  'refreshTokenId',
   'name',
   'type',
   'createdAt',
@@ -231,16 +233,26 @@ module.exports = function (log, error) {
   }
 
   function updateDeviceRecord (device, deviceInfo, deviceKey) {
-    var session
-    var sessionKey = (deviceInfo.sessionTokenId || '').toString('hex')
-
+    // Prevent multiple device records from linking to the same sessionToken.
+    let session
+    const sessionKey = (deviceInfo.sessionTokenId || '').toString('hex')
     if (sessionKey) {
       session = sessionTokens[sessionKey]
       if (session && session.deviceKey && session.deviceKey !== deviceKey) {
         throw error.duplicate()
       }
     }
 
+    // Prevent multiple device records from linking to the same refreshToken.
+    const refreshTokenId = (deviceInfo.refreshTokenId || '').toString('hex')
+    if (refreshTokenId) {
+      const existingDevice = devicesByRefreshTokenId[refreshTokenId]
+      if (existingDevice && existingDevice !== deviceKey) {
+        throw error.duplicate()
+      }
+      devicesByRefreshTokenId[refreshTokenId] = deviceKey
+    }
+
     DEVICE_FIELDS.forEach(function (key) {
       var field = deviceInfo[key]
       if (field === undefined || field === null) {
@@ -257,6 +269,10 @@ module.exports = function (log, error) {
         device[key] = session[key]
       })
       session.deviceKey = deviceKey
+    } else {
+      SESSION_DEVICE_FIELDS.forEach(function (key) {
+        device[key] = null
+      })
     }
 
     return device
@@ -271,6 +287,7 @@ module.exports = function (log, error) {
             throw error.notFound()
           }
           var device = account.devices[deviceKey]
+          // If changing sessionTokenId, the old token loses its device record.
           if (device.sessionTokenId) {
             if (deviceInfo.sessionTokenId) {
               var oldSessionKey = device.sessionTokenId.toString('hex')
@@ -284,6 +301,17 @@ module.exports = function (log, error) {
               deviceInfo.sessionTokenId = device.sessionTokenId
             }
           }
+          // If changing refreshTokenId, the old token loses its device record.
+          if (device.refreshTokenId) {
+            if (deviceInfo.refreshTokenId) {
+              const oldRefreshTokenId = device.refreshTokenId.toString('hex')
+              if (oldRefreshTokenId !== deviceInfo.refreshTokenId.toString('hex')) {
+                delete devicesByRefreshTokenId[oldRefreshTokenId]
+              }
+            } else {
+              deviceInfo.refreshTokenId = device.refreshTokenId
+            }
+          }
           account.devices[deviceKey] = updateDeviceRecord(device, deviceInfo, deviceKey)
           return {}
         }
@@ -418,7 +446,7 @@ module.exports = function (log, error) {
 
   Memory.prototype.deleteDevice = function (uid, deviceId) {
     const deviceKey = deviceId.toString('hex')
-    let sessionTokenId
+    let sessionTokenId, refreshTokenId
 
     return getAccountByUid(uid)
       .then(account => {
@@ -428,12 +456,15 @@ module.exports = function (log, error) {
 
         const device = account.devices[deviceKey]
         sessionTokenId = device.sessionTokenId
+        refreshTokenId = device.refreshTokenId
 
         delete account.devices[deviceKey]
 
-        return Memory.prototype.deleteSessionToken(sessionTokenId)
+        if (sessionTokenId) {
+          return Memory.prototype.deleteSessionToken(sessionTokenId)
+        }
       })
-      .then(() => ({ sessionTokenId }))
+      .then(() => ({ sessionTokenId, refreshTokenId }))
   }
 
   // READ
@@ -477,6 +508,10 @@ module.exports = function (log, error) {
                   })
                   return device
                 }
+                if (device.refreshTokenId) {
+                  device.sessionTokenId = null
+                  return device
+                }
               }
             )
             .filter(
@@ -521,7 +556,7 @@ module.exports = function (log, error) {
         function (devices) {
           var device = devices.filter(
             function (d) {
-              return d.sessionTokenId.toString('hex') === sessionTokenId
+              return d.sessionTokenId && d.sessionTokenId.toString('hex') === sessionTokenId
             }
           )[0]
           if (! device) {
@@ -604,7 +639,7 @@ module.exports = function (log, error) {
         })
 
         const device = devices.filter((d) => {
-          return d.sessionTokenId.toString('hex') === id.toString('hex')
+          return d.sessionTokenId && d.sessionTokenId.toString('hex') === id.toString('hex')
         })[0]
 
         if (device) {
@@ -667,7 +702,7 @@ module.exports = function (log, error) {
         var sessionToken = sessionTokens[key]
 
         var deviceInfo = devices.find(function (device) {
-          return device.sessionTokenId.toString('hex') === key
+          return device.sessionTokenId && device.sessionTokenId.toString('hex') === key
         })
 
         if (! deviceInfo) {

lib/db/mem.js

@@ -322,7 +322,7 @@ module.exports = function (log, error) {
     }, [])
   }
 
-  const CREATE_DEVICE = 'CALL createDevice_4(?, ?, ?, ?, ?, ?, ?, ?, ?)'
+  const CREATE_DEVICE = 'CALL createDevice_5(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
 
   MySql.prototype.createDevice = function (uid, deviceId, deviceInfo) {
     const statements = [{
@@ -331,6 +331,7 @@ module.exports = function (log, error) {
         uid,
         deviceId,
         deviceInfo.sessionTokenId,
+        deviceInfo.refreshTokenId,
         deviceInfo.name, // inNameUtf8
         deviceInfo.type,
         deviceInfo.createdAt,
@@ -345,7 +346,7 @@ module.exports = function (log, error) {
     return this.writeMultiple(statements)
   }
 
-  const UPDATE_DEVICE = 'CALL updateDevice_5(?, ?, ?, ?, ?, ?, ?, ?, ?)'
+  const UPDATE_DEVICE = 'CALL updateDevice_6(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
 
   MySql.prototype.updateDevice = function (uid, deviceId, deviceInfo) {
     const statements = [{
@@ -354,6 +355,7 @@ module.exports = function (log, error) {
         uid,
         deviceId,
         deviceInfo.sessionTokenId,
+        deviceInfo.refreshTokenId,
         deviceInfo.name, // inNameUtf8
         deviceInfo.type,
         deviceInfo.callbackURL,
@@ -407,25 +409,25 @@ module.exports = function (log, error) {
   }
 
   // Select : devices d, sessionTokens s, deviceAvailableCommands dc, deviceCommandIdentifiers ci
-  // Fields : d.uid, d.id, d.sessionTokenId, d.name, d.type, d.createdAt, d.callbackURL,
+  // Fields : d.uid, d.id, d.sessionTokenId, d.refreshTokenId, d.name, d.type, d.createdAt, d.callbackURL,
   //          d.callbackPublicKey, d.callbackAuthKey, d.callbackIsExpired,
   //          s.uaBrowser, s.uaBrowserVersion, s.uaOS, s.uaOSVersion, s.uaDeviceType,
   //          s.uaFormFactor, s.lastAccessTime, {  ci.commandName : dc.commandData }
   // Where  : d.uid = $1
-  var ACCOUNT_DEVICES = 'CALL accountDevices_15(?)'
+  var ACCOUNT_DEVICES = 'CALL accountDevices_16(?)'
 
   MySql.prototype.accountDevices = function (uid) {
     return this.readAllResults(ACCOUNT_DEVICES, [uid])
       .then(rows => dbUtil.aggregateNameValuePairs(rows, 'id', 'commandName', 'commandData', 'availableCommands'))
   }
 
   // Select : devices d, sessionTokens s, deviceAvailableCommands dc, deviceCommandIdentifiers ci
-  // Fields : d.uid, d.id, d.sessionTokenId, d.name, d.type, d.createdAt, d.callbackURL,
+  // Fields : d.uid, d.id, d.sessionTokenId, d.refreshTokenId, d.name, d.type, d.createdAt, d.callbackURL,
   //          d.callbackPublicKey, d.callbackAuthKey, d.callbackIsExpired,
   //          s.uaBrowser, s.uaBrowserVersion, s.uaOS, s.uaOSVersion, s.uaDeviceType,
   //          s.uaFormFactor, s.lastAccessTime, {  ci.commandName : dc.commandData }
   // Where  : d.uid = $1 AND d.id = $2
-  var DEVICE = 'CALL device_2(?, ?)'
+  var DEVICE = 'CALL device_3(?, ?)'
 
   MySql.prototype.device = function (uid, id) {
     return this.readAllResults(DEVICE, [uid, id])
@@ -683,10 +685,10 @@ module.exports = function (log, error) {
   }
 
   // Select : devices
-  // Fields : sessionTokenId
+  // Fields : sessionTokenId, refreshTokenId
   // Delete : devices, sessionTokens, unverifiedTokens
   // Where  : uid = $1, deviceId = $2
-  var DELETE_DEVICE = 'CALL deleteDevice_3(?, ?)'
+  var DELETE_DEVICE = 'CALL deleteDevice_4(?, ?)'
 
   MySql.prototype.deleteDevice = function (uid, deviceId) {
     return this.write(DELETE_DEVICE, [ uid, deviceId ], results => {

lib/db/mysql.js

@@ -4,4 +4,4 @@
 
 // The expected patch level of the database. Update if you add a new
 // patch in the ./schema/ directory.
-module.exports.level = 96
+module.exports.level = 97