Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: deletes all sessions for user on logout #2071

Merged
merged 2 commits into from
Sep 23, 2022
Merged

fix: deletes all sessions for user on logout #2071

merged 2 commits into from
Sep 23, 2022

Conversation

chriswk
Copy link
Contributor

@chriswk chriswk commented Sep 19, 2022

To ensure we clean up sessions on logout this PR does two things:

  1. When users changes password, it deletes all sessions for user
  2. When logging out, it deletes all sessions for user, not just the current one in the request.

Will add a test before moving from draft

@vercel
Copy link

vercel bot commented Sep 19, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Ignored Deployments
Name Status Preview Updated
unleash ⬜️ Ignored (Inspect) Sep 19, 2022 at 9:07AM (UTC)
unleash-docs ⬜️ Ignored (Inspect) Sep 19, 2022 at 9:07AM (UTC)
unleash-monorepo-frontend ⬜️ Ignored (Inspect) Sep 19, 2022 at 9:07AM (UTC)

@github-actions
Copy link

github-actions bot commented Sep 19, 2022
edited

Coverage report

St.
 Category Percentage Covered / Total
🟢 Statements
88.27% (-3.1% 🔻)
 7052/7989
🟡 Branches 78.72% 1099/1396
🟢 Functions
81.89% (-4.34% 🔻)
 1985/2424
🟢 Lines
88.57% (-2.74% 🔻)
 6538/7382

⚠️ Details were not displayed: the report size has exceeded the limit.

Test suite run success

1159 tests passing in 191 suites.

Report generated by 🧪jest coverage report action from 180855a

@chriswk chriswk marked this pull request as ready for review September 19, 2022 09:08
@chriswk
Copy link
Contributor Author

chriswk commented Sep 19, 2022

tests added both for invalidating sessions when changing password and for logging out

gardleopard
gardleopard reviewed Sep 23, 2022
View reviewed changes
src/lib/routes/logout.test.ts
app.use('/logout', new LogoutController(config, { sessionService }).router);
await supertest(app).get('/logout').expect(302);
let activeSessions = await sessionStore.getSessionsForUser(1);
expect(activeSessions).toHaveLength(0);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

gardleopard
gardleopard approved these changes Sep 23, 2022
View reviewed changes
Copy link
Contributor

@gardleopard gardleopard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

src/test/e2e/api/admin/user-admin.e2e.test.ts
.post(`/api/admin/user-admin/${user.id}/change-password`)
.send({ password: 'simple123-_ASsad' })
.expect(200);
expect(spy).toHaveBeenCalled();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice:D

@chriswk chriswk merged commit 667fb9a into main Sep 23, 2022
@chriswk chriswk deleted the task/killAllSessionsOnLogout branch September 23, 2022 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gardleopard gardleopard gardleopard approved these changes

@ivarconr ivarconr Awaiting requested review from ivarconr

@FredrikOseberg FredrikOseberg Awaiting requested review from FredrikOseberg

@sjaanus sjaanus Awaiting requested review from sjaanus

Assignees
No one assigned
Labels
None yet
Projects
Issues and PRs
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@chriswk @gardleopard