Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-28 01:21:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: log out user if session cookie resolves to non-existent uid

Browse Source
This commit is contained in:
Julian Lam
2025-11-10 11:55:19 -05:00
parent 3a81f90322
commit 5d9da6035e
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/authentication.js
View File

@@ -490,7 +490,7 @@ authenticationController.logout = async function (req, res) {
}; };
await plugins.hooks.fire('filter:user.logout', payload); await plugins.hooks.fire('filter:user.logout', payload);
if (req.body?.noscript === 'true') { if (req.body?.noscript === 'true' || res.locals.logoutRedirect === true) {
return res.redirect(payload.next); return res.redirect(payload.next);
} }
res.status(200).send(payload); res.status(200).send(payload);

6
src/middleware/user.js
View File

@@ -53,6 +53,12 @@ module.exports = function (middleware) {
} }
if (req.loggedIn) { if (req.loggedIn) {
const exists = await user.exists(req.uid);
if (!exists) {
res.locals.logoutRedirect = true;
return controllers.authentication.logout(req, res);
}
return true; return true;
} else if (req.headers.hasOwnProperty('authorization')) { } else if (req.headers.hasOwnProperty('authorization')) {
const user = await passportAuthenticateAsync(req, res); const user = await passportAuthenticateAsync(req, res);