mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-18 03:26:34 +02:00
Merge branch 'dev' into local-connection
This commit is contained in:
@@ -16,18 +16,26 @@ export async function logout(
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
const { user, session } = await verifySession(req);
|
||||
const isSecure = req.protocol === "https";
|
||||
|
||||
// Always clear the session cookie so logout is idempotent, even when
|
||||
// the session is already missing or invalid
|
||||
res.setHeader("Set-Cookie", createBlankSessionTokenCookie(isSecure));
|
||||
|
||||
if (!user || !session) {
|
||||
if (config.getRawConfig().app.log_failed_attempts) {
|
||||
logger.info(
|
||||
`Log out failed because missing or invalid session. IP: ${req.ip}.`
|
||||
`Log out with missing or invalid session. IP: ${req.ip}.`
|
||||
);
|
||||
}
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"You must be logged in to sign out"
|
||||
)
|
||||
);
|
||||
|
||||
return response<null>(res, {
|
||||
data: null,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Logged out successfully",
|
||||
status: HttpCode.OK
|
||||
});
|
||||
}
|
||||
|
||||
try {
|
||||
@@ -37,9 +45,6 @@ export async function logout(
|
||||
logger.error("Failed to invalidate session", error);
|
||||
}
|
||||
|
||||
const isSecure = req.protocol === "https";
|
||||
res.setHeader("Set-Cookie", createBlankSessionTokenCookie(isSecure));
|
||||
|
||||
return response<null>(res, {
|
||||
data: null,
|
||||
success: true,
|
||||
|
||||
@@ -99,7 +99,7 @@ export async function requestPasswordReset(
|
||||
});
|
||||
});
|
||||
|
||||
const url = `${config.getRawConfig().app.dashboard_url}/auth/reset-password?email=${email}&token=${token}`;
|
||||
const url = `${config.getRawConfig().app.dashboard_url}/auth/reset-password?email=${encodeURIComponent(email)}&token=${token}`;
|
||||
|
||||
if (!config.getRawConfig().email) {
|
||||
logger.info(
|
||||
|
||||
@@ -94,7 +94,7 @@ export async function adminGeneratePasswordResetCode(
|
||||
});
|
||||
});
|
||||
|
||||
const url = `${config.getRawConfig().app.dashboard_url}/auth/reset-password?email=${existingUser[0].email}&token=${token}`;
|
||||
const url = `${config.getRawConfig().app.dashboard_url}/auth/reset-password?email=${encodeURIComponent(existingUser[0].email!)}&token=${token}`;
|
||||
|
||||
logger.info(
|
||||
`Admin generated password reset code for user ${existingUser[0].email} (${userId})`
|
||||
|
||||
@@ -287,7 +287,7 @@ export async function inviteUser(
|
||||
)
|
||||
);
|
||||
|
||||
const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}&email=${email}`;
|
||||
const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}&email=${encodeURIComponent(email)}`;
|
||||
|
||||
if (doEmail) {
|
||||
await sendEmail(
|
||||
@@ -341,7 +341,7 @@ export async function inviteUser(
|
||||
.values(uniqueRoleIds.map((roleId) => ({ inviteId, roleId })));
|
||||
});
|
||||
|
||||
const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}&email=${email}`;
|
||||
const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}&email=${encodeURIComponent(email)}`;
|
||||
|
||||
if (doEmail) {
|
||||
await sendEmail(
|
||||
|
||||
Reference in New Issue
Block a user