Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-07-01 00:08:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

better error handling for session revocation if no login session is present, #4214

Browse Source
This commit is contained in:
Julian Lam
2016-07-25 12:15:02 -04:00
parent 4ce8696bbc
commit 71a5e4a8a1
4 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
public/src/client/account/settings.js
View File

@@ -113,7 +113,7 @@ define('forum/account/settings', ['forum/account/header', 'components'], functio
// This is done via DELETE because a user shouldn't be able to
// revoke his own session! This is what logout is for
$.ajax({
url: config.relative_path + '/user/' + ajaxify.data.userslug + '/session/' + uuid,
url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
method: 'delete',
headers: {
'x-csrf-token': config.csrf_token
@@ -121,7 +121,15 @@ define('forum/account/settings', ['forum/account/header', 'components'], functio
}).done(function() {
parentEl.remove();
}).fail(function(err) {
app.alertError(err.responseText);
try {
var errorObj = JSON.parse(err.responseText);
if (errorObj.loggedIn === false) {
window.location.href = config.relative_path + '/login?error=' + errorObj.title;
}
app.alertError(errorObj.title);
} catch (e) {
app.alertError('[[error:invalid-data]]');
}
});
}
});

2
src/controllers/index.js
View File

@@ -108,6 +108,8 @@ Controllers.login = function(req, res, next) {
var errorText;
if (req.query.error === 'csrf-invalid') {
errorText = '[[error:csrf-invalid]]';
} else if (req.query.error) {
errorText = req.query.error;
}
data.alternate_logins = loginStrategies.length > 0;

2
src/middleware/middleware.js
View File

@@ -287,7 +287,7 @@ middleware.requireUser = function(req, res, next) {
return next();
}
res.render('403', {title: '[[global:403.title]]'});
res.status(403).render('403', {title: '[[global:403.title]]'});
};
middleware.privateUploads = function(req, res, next) {

2
src/routes/accounts.js
View File

@@ -28,7 +28,7 @@ module.exports = function (app, middleware, controllers) {
setupPageRoute(app, '/user/:userslug/info', middleware, accountMiddlewares, controllers.accounts.info.get);
setupPageRoute(app, '/user/:userslug/settings', middleware, accountMiddlewares, controllers.accounts.settings.get);
app.delete('/user/:userslug/session/:uuid', accountMiddlewares, controllers.accounts.session.revoke);
app.delete('/api/user/:userslug/session/:uuid', [middleware.requireUser, middleware.exposeUid], controllers.accounts.session.revoke);
setupPageRoute(app, '/notifications', middleware, [middleware.authenticate], controllers.accounts.notifications.get);
setupPageRoute(app, '/chats/:roomid?', middleware, [middleware.authenticate], controllers.accounts.chats.get);