eventlog: add logout

fixes #757
2021-01-06 21:57:23 -08:00
parent af683b5fa4
commit 624e34d02d
5 changed files with 19 additions and 29 deletions
@@ -1,11 +1,11 @@
 'use strict';

 exports = module.exports = {
-    passwordAuth: passwordAuth,
-    tokenAuth: tokenAuth,
+    passwordAuth,
+    tokenAuth,

-    authorize: authorize,
-    websocketAuth: websocketAuth
+    authorize,
+    websocketAuth
 };

 var accesscontrol = require('../accesscontrol.js'),
@@ -99,6 +99,7 @@ function tokenAuth(req, res, next) {
        if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
        if (error) return next(new HttpError(500, error.message));

+        req.access_token = token; // used in logout route
        req.user = user;

        next();
@@ -64,24 +64,11 @@ function login(req, res, next) {
 }

 function logout(req, res) {
-    var token;
+    assert.strictEqual(typeof req.access_token, 'string');

-    // this determines the priority
-    if (req.body && req.body.access_token) token = req.body.access_token;
-    if (req.query && req.query.access_token) token = req.query.access_token;
-    if (req.headers && req.headers.authorization) {
-        var parts = req.headers.authorization.split(' ');
-        if (parts.length == 2) {
-            var scheme = parts[0];
-            var credentials = parts[1];
+    eventlog.add(eventlog.ACTION_USER_LOGOUT, auditSource.fromRequest(req), { userId: req.user.id, user: users.removePrivateFields(req.user) });

-            if (/^Bearer$/i.test(scheme)) token = credentials;
-        }
-    }
-
-    if (!token) return res.redirect('/login.html');
-
-    tokendb.delByAccessToken(token, function () { res.redirect('/login.html'); });
+    tokendb.delByAccessToken(req.access_token, function () { res.redirect('/login.html'); });
 }

 function passwordResetRequest(req, res, next) {