
fix: clear refresh-token on signout

re #985

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/988/head
Pranav C 3 years ago
parent
commit
280f203b1a
  1. 18
      packages/nc-gui/store/users.js
  2. 23
      packages/nocodb/src/lib/noco/rest/RestAuthCtrl.ts

18
packages/nc-gui/store/users.js

@ -275,27 +275,23 @@ export const actions = {
return err return err
}, },
async ActSignOut({ commit }) { async ActSignOut({ commit, state }) {
// console.log('in action signout'); // console.log('in action signout');
let err = null let err = null
try { try {
// let err = await this.$axios.get('/auth/signout');
// console.log(err); // console.log(err);
await this.$axios.post('/auth/signout', null, {
headers: {
'xc-auth': state.token
}
})
commit('MutSetUser', null) commit('MutSetUser', null)
commit('MutSetToken', null) commit('MutSetToken', null)
commit('MutMasterKey', null) commit('MutMasterKey', null)
commit('MutAuthType', null) commit('MutAuthType', null)
// commit('MutSetProjectToNull', null)
// commit('MutSetPaidUser', false);
//
// commit('MutUiAbility', {
// rules: {
// darkTheme: false,
// maxTables: 5,
// }
// })
} catch (e) { } catch (e) {
err = e err = e
console.log(e) console.log(e)
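Review bot: Local sign-out now depends on the server call succeeding, because the four `commit(..., null)` calls sit after `await this.$axios.post('/auth/signout', ...)` inside the same `try`. A network error or a rejected (for example expired) token skips them, so the token, user and master key stay in the store and the browser remains signed in. Clearing client state should not be conditional on the request: move the commits into a `finally { ... }` block, or run them before the `await` after copying `state.token` into a local. ActSignOut continues past the end of the hunk, so how `err` is surfaced to the caller is not visible here.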

23
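--- a/packages/nocodb/src/lib/noco/rest/RestAuthCtrl.ts
+++ b/packages/nocodb/src/lib/noco/rest/RestAuthCtrl.ts
@@ -287,6 +287,7 @@ export default class RestAuthCtrl {
 });
 this.app.router.get(`/user/me`, this.me);
+this.app.router.post(`/auth/signout`, this.signout);
 /* Admin APIs */
 this.app.router.use('/admin', this.isAdmin);
@@ -994,6 +995,28 @@ export default class RestAuthCtrl {
 }
 }
+protected async signout(req, res, next): Promise<any> {
+try {
+res.clearCookie('refresh_token');
+const email = req?.session?.passport?.user?.email?.toLowerCase();
+if (email) {
+await this.users
+.update({
+refresh_token: null
+})
+.where({
+email
+});
+}
+res.json({ msg: 'Success' });
+} catch (e) {
+console.log(e);
+next(e);
+}
+}
 protected async passwordForgot(req, res, next): Promise<any> {
 const _email = req.body.email;
 if (!_email) {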
