Server now deletes associated remember-me token on user requested log-outs.
This commit is contained in:
parent
61ec3ffc52
commit
1d5a087d79
|
|
@ -63,7 +63,7 @@ module.exports.post = async function(req, res){
|
||||||
const secure = config.protocol.toLowerCase() == "https";
|
const secure = config.protocol.toLowerCase() == "https";
|
||||||
|
|
||||||
//Create expiration date for cookies (180 days)
|
//Create expiration date for cookies (180 days)
|
||||||
const expires = new Date(Date.now() + (1000 * 60 * 60 * 24 * 180))
|
const expires = new Date(Date.now() + (1000 * 60 * 60 * 24 * 180));
|
||||||
|
|
||||||
//Set remember me ID and token as browser-side cookies for safe-keeping
|
//Set remember me ID and token as browser-side cookies for safe-keeping
|
||||||
res.cookie("rememberme.id", authToken.id, {sameSite: 'strict', httpOnly: true, secure, expires});
|
res.cookie("rememberme.id", authToken.id, {sameSite: 'strict', httpOnly: true, secure, expires});
|
||||||
|
|
|
||||||
|
|
@ -15,13 +15,36 @@ You should have received a copy of the GNU Affero General Public License
|
||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
||||||
|
|
||||||
//local imports
|
//local imports
|
||||||
const accountUtils = require('../../../utils/sessionUtils');
|
const rememberMeModel = require('../../../schemas/user/rememberMeSchema');
|
||||||
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
|
const sessionUtils = require('../../../utils/sessionUtils');
|
||||||
|
const {exceptionHandler} = require('../../../utils/loggerUtils');
|
||||||
|
const {validationResult, matchedData} = require('express-validator');
|
||||||
|
|
||||||
module.exports.post = async function(req, res){
|
module.exports.post = async function(req, res){
|
||||||
if(req.session.user){
|
if(req.session.user){
|
||||||
try{
|
try{
|
||||||
accountUtils.killSession(req.session);
|
sessionUtils.killSession(req.session);
|
||||||
|
|
||||||
|
//Check validation results
|
||||||
|
const validResult = validationResult(req);
|
||||||
|
|
||||||
|
//if we don't have errors
|
||||||
|
if(validResult.isEmpty()){
|
||||||
|
//Pull sanatzied/validated data
|
||||||
|
const data = matchedData(req);
|
||||||
|
|
||||||
|
//If the user has a remember me token id they've submitted with the request
|
||||||
|
if(data.rememberme.id){
|
||||||
|
//Find the associated token and nuke it
|
||||||
|
await rememberMeModel.deleteOne({id: data.rememberme.id})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Clear out remember me tokens
|
||||||
|
res.clearCookie("rememberme.id");
|
||||||
|
res.clearCookie("rememberme.token");
|
||||||
|
|
||||||
|
//Return status
|
||||||
return res.sendStatus(200);
|
return res.sendStatus(200);
|
||||||
}catch(err){
|
}catch(err){
|
||||||
return exceptionHandler(res, err);
|
return exceptionHandler(res, err);
|
||||||
|
|
|
||||||
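Review bot: `if(data.rememberme.id)` throws a TypeError whenever the request carries no `rememberme` object, because `matchedData(req)` only returns fields the (not shown) validation chain matched; the exception is caught by `exceptionHandler` after the session has already been killed, so a plain logout without a remember-me cookie would end in an error response with the two cookies never cleared — `if(data.rememberme?.id){` avoids that, unless the validator guarantees the field. The delete is keyed on a client-supplied id alone; if the remember-me schema records the owning user, scoping `deleteOne` to `req.session.user` as well would stop one session from revoking another user's token. When validation fails the token stays in the database but the handler still answers 200, which may be intended best-effort but deserves a comment such as `//Token removal is best-effort; the session is already gone`. The two `res.clearCookie` calls should also pass the same `{sameSite: 'strict', httpOnly: true, secure}` options the cookies were set with in the first hunk, as Express only promises removal when the options match. The closing of `module.exports.post` lies outside this hunk.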