platform logout function

This commit is contained in:
Martin McKeaveney 2021-10-12 19:49:34 +01:00
parent b38704978a
commit af7bddcf22
3 changed files with 25 additions and 12 deletions

View File

@ -243,19 +243,26 @@ exports.saveUser = async (
/**
* Logs a user out from budibase. Re-used across account portal and builder.
*/
exports.logout = async ({ ctx, userId, sessionId, keepActiveSession }) => {
exports.platformLogout = async ({
ctx,
userId,
sessionId,
keepActiveSession,
}) => {
let sessions = await getSessionsForUser(userId)
if (keepActiveSession) {
sessions = sessions.filter(session => session.sessionId !== sessionId)
} else {
if (ctx) {
// clear cookies
this.clearCookie(ctx, Cookies.Auth)
this.clearCookie(ctx, Cookies.CurrentApp)
}
}
await invalidateSessions(
userId,
sessions.map(({ sessionId }) => sessionId)
)
// clear cookies
this.clearCookie(ctx, Cookies.Auth)
this.clearCookie(ctx, Cookies.CurrentApp)
}

View File

@ -14,7 +14,7 @@ const {
isMultiTenant,
} = require("@budibase/auth/tenancy")
const env = require("../../../environment")
const { endSession } = require("../../../../../auth/sessions")
const { platformLogout } = require("../../../../../auth/src/utils")
function googleCallbackUrl(config) {
// incase there is a callback URL from before
@ -122,10 +122,7 @@ exports.resetUpdate = async ctx => {
}
exports.logout = async ctx => {
const authCookie = getCookie(ctx, Cookies.Auth)
clearCookie(ctx, Cookies.Auth)
clearCookie(ctx, Cookies.CurrentApp)
await endSession(authCookie.sessionId)
await platformLogout({ ctx, userId: ctx.user._id })
ctx.body = { message: "User logged out." }
}

View File

@ -3,7 +3,9 @@ const {
StaticDatabases,
generateNewUsageQuotaDoc,
} = require("@budibase/auth/db")
const { hash, getGlobalUserByEmail, saveUser } = require("@budibase/auth").utils
const { hash, getGlobalUserByEmail, saveUser, platformLogout, getCookie } =
require("@budibase/auth").utils
const { Cookies } = require("@budibase/auth").constants
const { EmailTemplatePurpose } = require("../../../constants")
const { checkInviteCode } = require("../../../utilities/redis")
const { sendEmail } = require("../../../utilities/email")
@ -175,7 +177,14 @@ exports.updateSelf = async ctx => {
if (ctx.request.body.password) {
// changing password
ctx.request.body.password = await hash(ctx.request.body.password)
await invalidateSessions(ctx.user._id)
// Log all other sessions out apart from the current one
const authCookie = getCookie(ctx, Cookies.Auth)
await platformLogout({
ctx,
userId: ctx.user._id,
sessionId: authCookie.sessionId,
keepActiveSession: true,
})
}
// don't allow sending up an ID/Rev, always use the existing one
delete ctx.request.body._id