platform logout function

5 years ago · 3f279d8d0f
3 changed files with 25 additions and 12 deletions
--- a/packages/auth/src/utils.js
+++ b/packages/auth/src/utils.js
@ -243,19 +243,26 @@ exports.saveUser = async (
 /**
 * Logs a user out from budibase. Re-used across account portal and builder.
 */
-exports.logout = async ({ ctx, userId, sessionId, keepActiveSession }) => {
+exports.platformLogout = async ({
+  ctx,
+  userId,
+  sessionId,
+  keepActiveSession,
+}) => {
  let sessions = await getSessionsForUser(userId)

  if (keepActiveSession) {
    sessions = sessions.filter(session => session.sessionId !== sessionId)
+  } else {
+    if (ctx) {
+      // clear cookies
+      this.clearCookie(ctx, Cookies.Auth)
+      this.clearCookie(ctx, Cookies.CurrentApp)
+    }
  }

  await invalidateSessions(
    userId,
    sessions.map(({ sessionId }) => sessionId)
  )
-
-  // clear cookies
-  this.clearCookie(ctx, Cookies.Auth)
-  this.clearCookie(ctx, Cookies.CurrentApp)
 }
--- a/packages/worker/src/api/controllers/global/auth.js
+++ b/packages/worker/src/api/controllers/global/auth.js
@ -14,7 +14,7 @@ const {
  isMultiTenant,
 } = require("@budibase/auth/tenancy")
 const env = require("../../../environment")
-const { endSession } = require("../../../../../auth/sessions")
+const { platformLogout } = require("../../../../../auth/src/utils")

 function googleCallbackUrl(config) {
  // incase there is a callback URL from before
@ -122,10 +122,7 @@ exports.resetUpdate = async ctx => {
 }

 exports.logout = async ctx => {
-  const authCookie = getCookie(ctx, Cookies.Auth)
-  clearCookie(ctx, Cookies.Auth)
-  clearCookie(ctx, Cookies.CurrentApp)
-  await endSession(authCookie.sessionId)
+  await platformLogout({ ctx, userId: ctx.user._id })
  ctx.body = { message: "User logged out." }
 }

--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@ -3,7 +3,9 @@ const {
  StaticDatabases,
  generateNewUsageQuotaDoc,
 } = require("@budibase/auth/db")
-const { hash, getGlobalUserByEmail, saveUser } = require("@budibase/auth").utils
+const { hash, getGlobalUserByEmail, saveUser, platformLogout, getCookie } =
+  require("@budibase/auth").utils
+const { Cookies } = require("@budibase/auth").constants
 const { EmailTemplatePurpose } = require("../../../constants")
 const { checkInviteCode } = require("../../../utilities/redis")
 const { sendEmail } = require("../../../utilities/email")
@ -175,7 +177,14 @@ exports.updateSelf = async ctx => {
  if (ctx.request.body.password) {
    // changing password
    ctx.request.body.password = await hash(ctx.request.body.password)
-    await invalidateSessions(ctx.user._id)
+    // Log all other sessions out apart from the current one
+    const authCookie = getCookie(ctx, Cookies.Auth)
+    await platformLogout({
+      ctx,
+      userId: ctx.user._id,
+      sessionId: authCookie.sessionId,
+      keepActiveSession: true,
+    })
  }
  // don't allow sending up an ID/Rev, always use the existing one
  delete ctx.request.body._id