move invalidation to the creation of a session

Maurits Lourens 2022-03-29 11:59:16 +02:00
parent f4557fb220
commit 9faaecb57e
3 changed files with 5 additions and 14 deletions


@ -5,10 +5,7 @@ const env = require("../../environment")
const { getGlobalUserByEmail } = require("../../utils") const { getGlobalUserByEmail } = require("../../utils")
const { authError } = require("./utils") const { authError } = require("./utils")
const { newid } = require("../../hashing") const { newid } = require("../../hashing")
const { const { createASession } = require("../../security/sessions")
createASession,
invalidateSessions,
} = require("../../security/sessions")
const { getTenantId } = require("../../tenancy") const { getTenantId } = require("../../tenancy")
const INVALID_ERR = "Invalid credentials" const INVALID_ERR = "Invalid credentials"
@ -56,9 +53,6 @@ exports.authenticate = async function (ctx, email, password, done) {
// authenticate // authenticate
if (await compare(password, dbUser.password)) { if (await compare(password, dbUser.password)) {
// invalidate all other sessions
await invalidateSessions(dbUser._id)
const sessionId = newid() const sessionId = newid()
const tenantId = getTenantId() const tenantId = getTenantId()
await createASession(dbUser._id, { sessionId, tenantId }) await createASession(dbUser._id, { sessionId, tenantId })
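Review bot: With the call removed from `authenticate`, nothing at the `createASession(dbUser._id, { sessionId, tenantId })` call site says that a successful login now ends the user's other sessions; that side effect lives only inside the helper. A short comment above the call, `// createASession also invalidates the user's existing sessions`, would keep the security-relevant behaviour visible to whoever edits the login flow. The same applies to `authenticateThirdParty` in the next file, where the removed call sat before the user sync and the later `createASession` call is outside the hunk, so it is worth confirming that every successful path there still reaches it. `authenticate` starts and ends outside this hunk.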


@ -4,10 +4,7 @@ const { generateGlobalUserID } = require("../../db/utils")
const { saveUser } = require("../../utils") const { saveUser } = require("../../utils")
const { authError } = require("./utils") const { authError } = require("./utils")
const { newid } = require("../../hashing") const { newid } = require("../../hashing")
const { const { createASession } = require("../../security/sessions")
createASession,
invalidateSessions,
} = require("../../security/sessions")
const { getGlobalUserByEmail } = require("../../utils") const { getGlobalUserByEmail } = require("../../utils")
const { getGlobalDB, getTenantId } = require("../../tenancy") const { getGlobalDB, getTenantId } = require("../../tenancy")
const fetch = require("node-fetch") const fetch = require("node-fetch")
@ -79,9 +76,6 @@ exports.authenticateThirdParty = async function (
// never prompt for password reset // never prompt for password reset
dbUser.forceResetPassword = false dbUser.forceResetPassword = false
// invalidate all other sessions
await invalidateSessions(dbUser._id)
// create or sync the user // create or sync the user
let response let response
try { try {


@ -15,6 +15,9 @@ function makeSessionID(userId, sessionId) {
} }
exports.createASession = async (userId, session) => { exports.createASession = async (userId, session) => {
// invalidate all other sessions
await this.invalidateSessions(userId)
const client = await redis.getSessionClient() const client = await redis.getSessionClient()
const sessionId = session.sessionId const sessionId = session.sessionId
if (!session.csrfToken) { if (!session.csrfToken) {
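Review bot: `await this.invalidateSessions(userId)` depends on the arrow function's lexical `this` being the CommonJS exports object, which holds only while `invalidateSessions` is attached to `exports` and `module.exports` is never reassigned in this file; top-level `this` is `undefined` in an ES module. Writing `await exports.invalidateSessions(userId)` states the dependency directly. The invalidate-then-create sequence also does not look atomic from what the hunk shows, so two interleaved logins for the same user could each clear the old sessions before either writes its own, and both new sessions would survive. If one session per user is meant as a guarantee, that deserves a comment here or a per-user lock. The body of `createASession` continues past the hunk.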