Merge pull request #1447 from coralproject/logout-bug

Logout Fix
This commit is contained in:
Kim Gardner
2018-03-14 18:30:19 -04:00
committed by GitHub
3 changed files with 16 additions and 14 deletions
+1
View File
@@ -14,6 +14,7 @@ client/coral-framework/graphql/introspection.json
*.swp
*.DS_STORE
.prettierrc.json
.vscode
coverage/
test/e2e/reports/
+2 -1
View File
@@ -4,6 +4,7 @@ const {
HandleGenerateCredentials,
HandleLogout,
} = require('../../../services/passport');
const authz = require('../../../middleware/authorization');
const router = express.Router();
/**
@@ -26,7 +27,7 @@ router.get('/', (req, res, next) => {
/**
* This blacklists the token used to authenticate.
*/
router.delete('/', HandleLogout);
router.delete('/', authz.needed(), HandleLogout);
//==============================================================================
// PASSPORT ROUTES
+13 -13
View File
@@ -184,24 +184,24 @@ async function ValidateUserLogin(loginProfile, user, done) {
* Revoke the token on the request.
*/
const HandleLogout = async (req, res, next) => {
const { jwt } = req;
const now = new Date();
const expiry = (jwt.exp - now.getTime() / 1000).toFixed(0);
try {
const { jwt } = req;
const now = new Date();
const expiry = (jwt.exp - now.getTime() / 1000).toFixed(0);
await client().set(`jtir[${jwt.jti}]`, now.toISOString(), 'EX', expiry);
// Only clear the cookie on logout if enabled.
if (JWT_CLEAR_COOKIE_LOGOUT) {
debug('clearing the login cookie');
res.clearCookie(JWT_SIGNING_COOKIE_NAME);
}
res.status(204).end();
} catch (err) {
return next(err);
}
// Only clear the cookie on logout if enabled.
if (JWT_CLEAR_COOKIE_LOGOUT) {
debug('clearing the login cookie');
res.clearCookie(JWT_SIGNING_COOKIE_NAME);
}
res.status(204).end();
};
const checkGeneralTokenBlacklist = jwt =>