diff --git a/.gitignore b/.gitignore index 811e2ea2b..7c0007dc9 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,7 @@ client/coral-framework/graphql/introspection.json *.swp *.DS_STORE .prettierrc.json +.vscode coverage/ test/e2e/reports/ diff --git a/routes/api/v1/auth.js b/routes/api/v1/auth.js index 369f4278a..d8e0544a9 100644 --- a/routes/api/v1/auth.js +++ b/routes/api/v1/auth.js @@ -4,6 +4,7 @@ const { HandleGenerateCredentials, HandleLogout, } = require('../../../services/passport'); +const authz = require('../../../middleware/authorization'); const router = express.Router(); /** @@ -26,7 +27,7 @@ router.get('/', (req, res, next) => { /** * This blacklists the token used to authenticate. */ -router.delete('/', HandleLogout); +router.delete('/', authz.needed(), HandleLogout); //============================================================================== // PASSPORT ROUTES diff --git a/services/passport.js b/services/passport.js index 59215dd54..5748c911b 100644 --- a/services/passport.js +++ b/services/passport.js @@ -184,24 +184,24 @@ async function ValidateUserLogin(loginProfile, user, done) { * Revoke the token on the request. */ const HandleLogout = async (req, res, next) => { - const { jwt } = req; - - const now = new Date(); - const expiry = (jwt.exp - now.getTime() / 1000).toFixed(0); - try { + const { jwt } = req; + + const now = new Date(); + const expiry = (jwt.exp - now.getTime() / 1000).toFixed(0); + await client().set(`jtir[${jwt.jti}]`, now.toISOString(), 'EX', expiry); + + // Only clear the cookie on logout if enabled. + if (JWT_CLEAR_COOKIE_LOGOUT) { + debug('clearing the login cookie'); + res.clearCookie(JWT_SIGNING_COOKIE_NAME); + } + + res.status(204).end(); } catch (err) { return next(err); } - - // Only clear the cookie on logout if enabled. - if (JWT_CLEAR_COOKIE_LOGOUT) { - debug('clearing the login cookie'); - res.clearCookie(JWT_SIGNING_COOKIE_NAME); - } - - res.status(204).end(); }; const checkGeneralTokenBlacklist = jwt =>