move invalidation to the creation of a session
parent
f4557fb220
commit
9faaecb57e
|
@ -5,10 +5,7 @@ const env = require("../../environment")
|
|||
const { getGlobalUserByEmail } = require("../../utils")
|
||||
const { authError } = require("./utils")
|
||||
const { newid } = require("../../hashing")
|
||||
const {
|
||||
createASession,
|
||||
invalidateSessions,
|
||||
} = require("../../security/sessions")
|
||||
const { createASession } = require("../../security/sessions")
|
||||
const { getTenantId } = require("../../tenancy")
|
||||
|
||||
const INVALID_ERR = "Invalid credentials"
|
||||
|
@ -56,9 +53,6 @@ exports.authenticate = async function (ctx, email, password, done) {
|
|||
|
||||
// authenticate
|
||||
if (await compare(password, dbUser.password)) {
|
||||
// invalidate all other sessions
|
||||
await invalidateSessions(dbUser._id)
|
||||
|
||||
const sessionId = newid()
|
||||
const tenantId = getTenantId()
|
||||
await createASession(dbUser._id, { sessionId, tenantId })
|
||||
|
|
|
@ -4,10 +4,7 @@ const { generateGlobalUserID } = require("../../db/utils")
|
|||
const { saveUser } = require("../../utils")
|
||||
const { authError } = require("./utils")
|
||||
const { newid } = require("../../hashing")
|
||||
const {
|
||||
createASession,
|
||||
invalidateSessions,
|
||||
} = require("../../security/sessions")
|
||||
const { createASession } = require("../../security/sessions")
|
||||
const { getGlobalUserByEmail } = require("../../utils")
|
||||
const { getGlobalDB, getTenantId } = require("../../tenancy")
|
||||
const fetch = require("node-fetch")
|
||||
|
@ -79,9 +76,6 @@ exports.authenticateThirdParty = async function (
|
|||
// never prompt for password reset
|
||||
dbUser.forceResetPassword = false
|
||||
|
||||
// invalidate all other sessions
|
||||
await invalidateSessions(dbUser._id)
|
||||
|
||||
// create or sync the user
|
||||
let response
|
||||
try {
|
||||
|
|
|
@ -15,6 +15,9 @@ function makeSessionID(userId, sessionId) {
|
|||
}
|
||||
|
||||
exports.createASession = async (userId, session) => {
|
||||
// invalidate all other sessions
|
||||
await this.invalidateSessions(userId)
|
||||
|
||||
const client = await redis.getSessionClient()
|
||||
const sessionId = session.sessionId
|
||||
if (!session.csrfToken) {
|
||||
|
|
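Review bot: The added `await this.invalidateSessions(userId)` sits inside an arrow function, so `this` is the module's top-level `this` rather than the call receiver. In CommonJS that is `module.exports`, so the call only resolves while `invalidateSessions` is attached to that same object and `module.exports` is never reassigned; `await exports.invalidateSessions(userId)` makes the dependency explicit. Invalidate-then-create is also not atomic: two concurrent logins for the same user could each invalidate and then each create, leaving two live sessions, so if one session per user is a security guarantee it should be serialised per user or at least documented as best-effort. Because every caller of `createASession` now logs the user out everywhere else, a comment above the function such as `// Side effect: revokes all existing sessions for userId before creating the new one` would help. The body of `createASession` continues past the end of this hunk, so how the session is finally written is not visible here.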