From 3f279d8d0f26ee41b08da8f5c50b63299b9d7e30 Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Tue, 12 Oct 2021 19:49:34 +0100 Subject: [PATCH] platform logout function --- packages/auth/src/utils.js | 17 ++++++++++++----- .../worker/src/api/controllers/global/auth.js | 7 ++----- .../worker/src/api/controllers/global/users.js | 13 +++++++++++-- 3 files changed, 25 insertions(+), 12 deletions(-) diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js index 13728e1c13..328b8047b3 100644 --- a/packages/auth/src/utils.js +++ b/packages/auth/src/utils.js @@ -243,19 +243,26 @@ exports.saveUser = async ( /** * Logs a user out from budibase. Re-used across account portal and builder. */ -exports.logout = async ({ ctx, userId, sessionId, keepActiveSession }) => { +exports.platformLogout = async ({ + ctx, + userId, + sessionId, + keepActiveSession, +}) => { let sessions = await getSessionsForUser(userId) if (keepActiveSession) { sessions = sessions.filter(session => session.sessionId !== sessionId) + } else { + if (ctx) { + // clear cookies + this.clearCookie(ctx, Cookies.Auth) + this.clearCookie(ctx, Cookies.CurrentApp) + } } await invalidateSessions( userId, sessions.map(({ sessionId }) => sessionId) ) - - // clear cookies - this.clearCookie(ctx, Cookies.Auth) - this.clearCookie(ctx, Cookies.CurrentApp) } diff --git a/packages/worker/src/api/controllers/global/auth.js b/packages/worker/src/api/controllers/global/auth.js index 2c9d4c7278..dd1765e68b 100644 --- a/packages/worker/src/api/controllers/global/auth.js +++ b/packages/worker/src/api/controllers/global/auth.js @@ -14,7 +14,7 @@ const { isMultiTenant, } = require("@budibase/auth/tenancy") const env = require("../../../environment") -const { endSession } = require("../../../../../auth/sessions") +const { platformLogout } = require("../../../../../auth/src/utils") function googleCallbackUrl(config) { // incase there is a callback URL from before @@ -122,10 +122,7 @@ exports.resetUpdate = async ctx => { } exports.logout = async ctx => { - const authCookie = getCookie(ctx, Cookies.Auth) - clearCookie(ctx, Cookies.Auth) - clearCookie(ctx, Cookies.CurrentApp) - await endSession(authCookie.sessionId) + await platformLogout({ ctx, userId: ctx.user._id }) ctx.body = { message: "User logged out." } } diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js index 6b2a81ad66..0e50a9fcd0 100644 --- a/packages/worker/src/api/controllers/global/users.js +++ b/packages/worker/src/api/controllers/global/users.js @@ -3,7 +3,9 @@ const { StaticDatabases, generateNewUsageQuotaDoc, } = require("@budibase/auth/db") -const { hash, getGlobalUserByEmail, saveUser } = require("@budibase/auth").utils +const { hash, getGlobalUserByEmail, saveUser, platformLogout, getCookie } = + require("@budibase/auth").utils +const { Cookies } = require("@budibase/auth").constants const { EmailTemplatePurpose } = require("../../../constants") const { checkInviteCode } = require("../../../utilities/redis") const { sendEmail } = require("../../../utilities/email") @@ -175,7 +177,14 @@ exports.updateSelf = async ctx => { if (ctx.request.body.password) { // changing password ctx.request.body.password = await hash(ctx.request.body.password) - await invalidateSessions(ctx.user._id) + // Log all other sessions out apart from the current one + const authCookie = getCookie(ctx, Cookies.Auth) + await platformLogout({ + ctx, + userId: ctx.user._id, + sessionId: authCookie.sessionId, + keepActiveSession: true, + }) } // don't allow sending up an ID/Rev, always use the existing one delete ctx.request.body._id