Merge remote-tracking branch 'origin/stable'

src/routes/api/login.js

@@ -78,6 +78,12 @@ function loginToProtectedSession(req) {
     };
 }
 
+function logoutFromProtectedSession() {
+    protectedSessionService.resetDataKey();
+
+    eventService.emit(eventService.LEAVE_PROTECTED_SESSION);
+}
+
 function token(req) {
     const username = req.body.username;
     const password = req.body.password;
@@ -101,5 +107,6 @@ function token(req) {
 module.exports = {
     loginSync,
     loginToProtectedSession,
+    logoutFromProtectedSession,
     token
 };

src/routes/api/sync.js

@@ -200,9 +200,7 @@ function queueSector(req) {
     const entityName = utils.sanitizeSqlIdentifier(req.params.entityName);
     const sector = utils.sanitizeSqlIdentifier(req.params.sector);
 
-    const entityPrimaryKey = entityConstructor.getEntityFromEntityName(entityName).primaryKeyName;
-
-    entityChangesService.addEntityChangesForSector(entityName, entityPrimaryKey, sector);
+    entityChangesService.addEntityChangesForSector(entityName, sector);
 }
 
 module.exports = {

src/routes/routes.js

@@ -271,6 +271,8 @@ function register(app) {
     route(POST, '/api/login/sync', [], loginApiRoute.loginSync, apiResultHandler);
     // this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
     apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
+    apiRoute(POST, '/api/logout/protected', loginApiRoute.logoutFromProtectedSession);
+
     route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
 
     // in case of local electron, local calls are allowed unauthenticated, for server they need auth