Browse Source

Session object deletion on logout;

master
Erik Römmelt 4 years ago
parent
commit
ae5360386a
3 changed files with 55 additions and 41 deletions
  1. 13
    12
      public/routes/auth.js
  2. 40
    29
      server/authorization.js
  3. 2
    0
      server/dbs.js

+ 13
- 12
public/routes/auth.js View File

@@ -1,8 +1,8 @@
function clearAuthState() {
auth.user = ''; // Login name
auth.name = ''; // Full name
auth.type = ''; // type of login (domain specific)
auth.mail = ''; // Full mail address
auth.type = ''; // type of login (domain specific)
auth.roles = {}; // Role authorizations e.g. {user: true}
auth.gender = ''; // Gender (e.g. Frau)
auth.abos = []; // Followed tags
@@ -24,15 +24,16 @@ function updateUserInDB() {
$.ajax({
url: "api/usr",
data: {
abos: JSON.stringify(auth.abos),
bookmarks: JSON.stringify(auth.bookmarks),
mail: auth.mail,
name: auth.name,
_id: auth.user,
roles: JSON.stringify(auth.roles),
name: auth.name,
mail: auth.mail,
type: auth.type,
gender: auth.gender,
roles: JSON.stringify(auth.roles),
abos: JSON.stringify(auth.abos),
bookmarks: JSON.stringify(auth.bookmarks),
},
method: "POST"
method: "PUT"
}).done(successful_save).fail(failed_save);

function successful_save(res) {
@@ -74,7 +75,7 @@ Vue.component('login-panel', {
</b-input>
</b-field>
<b-checkbox>Eingeloggt bleiben</b-checkbox>
<div v-if="error" style="color:red;"> Versuche es nochmal.</div>
<div v-if="error" :key="error" style="color:red;"> Versuche es nochmal.</div>
</section>
<footer class="modal-card-foot">
<button class="button" type="button" @click.prevent="$parent.close()">Close</button>
@@ -90,9 +91,9 @@ Vue.component('login-panel', {
},
// TODO: Check if enough for session cookie re-login; checkbox
// Doesn't work
// mounted: function() {
// this.checkData();
// },
beforeMount: function() {
this.checkData();
},
methods: {
closeLoginPanel: function() {
this.$emit('close-login-panel');
@@ -120,7 +121,7 @@ Vue.component('login-panel', {

function successful_login(resData) {
fillAuthState(resData);
updateUserInDB();
// updateUserInDB();
console.info("Correct credentials");
this.closeLoginPanel;


+ 40
- 29
server/authorization.js View File

@@ -18,28 +18,25 @@ function fillSession (req, user, roles, cb) {
if (req.session === undefined)
next (common.genError (500, "Error"));
// regenerate a new session-id with clean instance
req.session.regenerate (function (err) {
if (user !== undefined && ! err) {
common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);
console.info(req.session);
if (user._id) {
req.session.user = user._id;
}
req.session.roles = roles;
} else if (user === undefined && roles === undefined) {
// User logged out
req.session.destroy(function(err) {
if (err) {
console.error(err);
if (user !== undefined && roles !== undefined) {
req.session.regenerate (function (err) {
if (user !== undefined && ! err) {
common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);
console.info(req.session);
if (user._id) {
req.session.user = user._id;
}
});
}
return cb (err);
});
req.session.roles = roles;
}
return cb (err);
});
} else {
return cb ();
}
}

// Save found user into DB, if not already exists
function saveFoundToDB(found) {
function saveFoundToDB(found, cb) {
console.info(found);
Users.findById(found.user)
.exec(function(err, result){
@@ -54,9 +51,10 @@ function saveFoundToDB(found) {
name: found.name,
mail: found.mail,
type: found.type,
abos: '',
bookmarks: '',
roles: '',
gender: found.gender,
// abos: '',
// bookmarks: '',
roles: 'user',
}, function(err, done) {
if (err) {
console.error("User creation: Failed");
@@ -67,7 +65,10 @@ function saveFoundToDB(found) {
if (done == null) {
console.error("Can not create user.");
}
return cb(err);
});
} else {
return cb(err);
}
});
}
@@ -114,12 +115,13 @@ const authorization = {
// check local database, then ldap
Users.findById (req.body.user) .exec (function (err, entry) {
// If there is a local user AND it has a password associated, test against this, and only this
// if (entry != null && entry.pwd) {
// if (crypto.checkLocalAuth (entry, req.body.pwd)) {
// return fillSession (req, entry, common.arrayToHash(entry.roles), returnSession);
// }
// return returnError ();
// }
if (entry != null && entry.pwd) {
if (crypto.checkLocalAuth (entry, req.body.pwd)) {
console.info(entry.roles);
return fillSession (req, entry, JSON.stringify(entry.roles), returnSession);
}
return returnError ();
}

// check ldap
ldap.authorize (user.toLowerCase(), pwd, function (found) {
@@ -140,14 +142,23 @@ const authorization = {
entry.orclgender = found.orclgender;
return fillSession (req, entry, entry.roles.length > 0 ? common.arrayToHash(entry.roles) : {user:true}, returnSession);
}

// Otherwise create standard user entry
saveFoundToDB(found);
return fillSession (req, found, {user:true}, returnSession);
saveFoundToDB(found, function() {
return fillSession (req, found, {user:true}, returnSession);
});
});
});
},
logout: function (req, res, next) {
fillSession (req, undefined, undefined, function (err) {
// Session delete, exists further in db
req.session.destroy(function(err) {
if (err) {
console.error(err);
}
});
console.info(req.session);
return res.json ({});
});
},

+ 2
- 0
server/dbs.js View File

@@ -224,6 +224,7 @@ const dbs = {
name: req.body.name,
mail: req.body.mail,
type: req.body.type,
gender: req.body.gender,
abos: req.body.abos,
bookmarks: req.body.bookmarks,
roles: req.body.roles,
@@ -367,6 +368,7 @@ const dbs = {
_comment: "" },
mail: { type: String },
type: { type: String },
gender: { type: String },
pwd: { type: String,
_comment: "" },
hash: { type: String },

Loading…
Cancel
Save