From 4a0918149882dafb1e1022ba5cd96b819bb25f37 Mon Sep 17 00:00:00 2001 From: Benjamin Schieder Date: Wed, 26 Apr 2017 07:44:34 +0100 Subject: [PATCH] properly invalidate session ids on logout --- RSSTootalizer/User.pm | 1 + RSSTootalizer/Website/Logout.pm | 10 ++++++++-- static/templates/Logout.html | 7 +++++++ 3 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 static/templates/Logout.html diff --git a/RSSTootalizer/User.pm b/RSSTootalizer/User.pm index 192cb94..5fae476 100644 --- a/RSSTootalizer/User.pm +++ b/RSSTootalizer/User.pm @@ -19,6 +19,7 @@ sub authenticate { return 0 unless defined($session_id); my $user = $class->get_by("session_id", $session_id); return 0 unless $user; + return 0 if $user->{data}->{session_id} eq "invalid"; my $instance = $user->{data}->{instance}; my $token = $user->{data}->{access_token}; diff --git a/RSSTootalizer/Website/Logout.pm b/RSSTootalizer/Website/Logout.pm index c73f9b7..41b4f62 100644 --- a/RSSTootalizer/Website/Logout.pm +++ b/RSSTootalizer/Website/Logout.pm @@ -17,11 +17,17 @@ sub fill_content { sub prerender { my $self = shift; - $self->{"template"} = "Login"; + $self->{"template"} = "Logout"; $self->{"content_type"} = "html"; - $self->{"params"}->{"currentmode"} = "Login"; + $self->{"params"}->{"currentmode"} = "Logout"; $self->{"set_cookie"} = ("session_id="); + my $user = RSSTootalizer::User->authenticate(); + if ($user){ + # RSSTootalizer::DB->doUPDATE("UPDATE users SET session_id = 'invalid' WHERE ID = ?", $user->{data}->{ID}); + $user->{data}->{session_id} = "invalid"; + $user->save(); + } } 1; diff --git a/static/templates/Logout.html b/static/templates/Logout.html new file mode 100644 index 0000000..34c8ebd --- /dev/null +++ b/static/templates/Logout.html @@ -0,0 +1,7 @@ + +
+ +You have been successfully logged out. You can Login again if you like. + +
+