From 81f49dcdf1a1e24df2bbbae26ee395756461cbbd Mon Sep 17 00:00:00 2001
From: Martin McKeaveney <martin@shogunsystems.co.uk>
Date: Wed, 13 Oct 2021 12:26:26 +0100
Subject: [PATCH] encapsulate global logout function

---
 packages/auth/src/utils.js                    | 22 +++++++++----------
 .../src/api/controllers/global/users.js       |  5 +----
 2 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js
index 2f24657ed3..823fd06322 100644
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@@ -240,22 +240,20 @@ exports.saveUser = async (
 /**
  * Logs a user out from budibase. Re-used across account portal and builder.
  */
-exports.platformLogout = async ({
-  ctx,
-  userId,
-  sessionId,
-  keepActiveSession,
-}) => {
+exports.platformLogout = async ({ ctx, userId, keepActiveSession }) => {
+  if (!ctx) throw new Error("Koa context must be supplied to logout.")
+
+  const currentSession = this.getCookie(ctx, Cookies.Auth)
   let sessions = await getUserSessions(userId)
 
   if (keepActiveSession) {
-    sessions = sessions.filter(session => session.sessionId !== sessionId)
+    sessions = sessions.filter(
+      session => session.sessionId !== currentSession.sessionId
+    )
   } else {
-    if (ctx) {
-      // clear cookies
-      this.clearCookie(ctx, Cookies.Auth)
-      this.clearCookie(ctx, Cookies.CurrentApp)
-    }
+    // clear cookies
+    this.clearCookie(ctx, Cookies.Auth)
+    this.clearCookie(ctx, Cookies.CurrentApp)
   }
 
   await invalidateSessions(
diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js
index 0e50a9fcd0..ed70d6122e 100644
--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@@ -3,9 +3,8 @@ const {
   StaticDatabases,
   generateNewUsageQuotaDoc,
 } = require("@budibase/auth/db")
-const { hash, getGlobalUserByEmail, saveUser, platformLogout, getCookie } =
+const { hash, getGlobalUserByEmail, saveUser, platformLogout } =
   require("@budibase/auth").utils
-const { Cookies } = require("@budibase/auth").constants
 const { EmailTemplatePurpose } = require("../../../constants")
 const { checkInviteCode } = require("../../../utilities/redis")
 const { sendEmail } = require("../../../utilities/email")
@@ -178,11 +177,9 @@ exports.updateSelf = async ctx => {
     // changing password
     ctx.request.body.password = await hash(ctx.request.body.password)
     // Log all other sessions out apart from the current one
-    const authCookie = getCookie(ctx, Cookies.Auth)
     await platformLogout({
       ctx,
       userId: ctx.user._id,
-      sessionId: authCookie.sessionId,
       keepActiveSession: true,
     })
   }