jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Destroy all session by a user if wanted

Browse Source
This commit is contained in:
Johannes Zellner
2019-11-08 21:14:12 +01:00
parent a887e19d46
commit 467283d5e0
1 changed files with 39 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/oauth2.js
+39 -3
View File
@@ -21,6 +21,7 @@ exports = module.exports = {
var apps = require('../apps.js'),
assert = require('assert'),
async = require('async'),
authcodedb = require('../authcodedb.js'),
BoxError = require('../boxerror.js'),
clients = require('../clients'),
@@ -275,10 +276,45 @@ function login(req, res) {
// -> GET /api/v1/session/logout
function logout(req, res) {
req.logout();
function done() {
req.logout();
if (req.query && req.query.redirect) res.redirect(req.query.redirect);
else res.redirect('/');
if (req.query && req.query.redirect) res.redirect(req.query.redirect);
else res.redirect('/');
}
if (!req.query.all) return done();
// find and destroy all login sessions by this user - this got rather complex quickly
req.sessionStore.list(function (error, result) {
if (error) {
console.error('Error listing sessions', error);
return done();
}
// WARNING fix this if we change the storage backend - Great stuff!
var sessionIds = result.map(function(s) { return s.replace('.json', ''); });
async.each(sessionIds, function (id, callback) {
req.sessionStore.get(id, function (error, result) {
if (error) {
console.error(`Error getting session ${id}`, error);
return callback();
}
// ignore empty or non passport sessions
if (!result || !result.passport || !result.passport.user) return callback();
// not this user
if (result.passport.user !== req.user.id) return callback();
req.sessionStore.destroy(id, function (error) {
if (error) console.error(`Unable to destroy session ${id}`, error);
callback();
});
});
}, done);
});
}
// Form to enter email address to send a password reset request mail