Make autologin token only one-time use

Johannes Zellner
2024-04-04 10:29:36 +02:00
parent 5744cb7318
commit a4e822dec2
2 changed files with 6 additions and 2 deletions
+3
@@ -542,6 +542,9 @@ function interactionLogin(provider) {
await eventlog.add(user.ghost ? eventlog.ACTION_USER_LOGIN_GHOST : eventlog.ACTION_USER_LOGIN, auditSource, { userId: user.id, user: users.removePrivateFields(user), appId: clientId });
if (!user.ghost) safe(users.notifyLoginLocation(user, ip, userAgent, auditSource), { debug });
// clear token as it is one-time use
await tokens.delByAccessToken(req.body.autoLoginToken);
return res.status(200).send({ redirectTo });
}
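Review bot: The token is cleared only as the last step before the response, after the awaited `eventlog.add(...)`, so the one-time guarantee is not atomic: two requests carrying the same `autoLoginToken` can both pass the lookup (which is outside this hunk) before either reaches `tokens.delByAccessToken`, and an exception from `eventlog.add` would leave the token usable. Consider consuming the token at the point where it is validated and treating a delete that finds nothing as a failed login, instead of clearing it after the audit write. It is also not visible here whether this path is reached only for auto-login; if password logins share it, `req.body.autoLoginToken` may be undefined, so a guard such as `if (req.body.autoLoginToken) await tokens.delByAccessToken(req.body.autoLoginToken);` would be safer. The enclosing handler starts outside the hunk, so the ordering relative to the token check should be confirmed there.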