mj-saunders
/
rsstootalizer
2
2
Fork 0
Code Issues Pull Requests Releases Wiki Activity

properly invalidate session ids on logout

master
Benjamin Schieder 2017-04-26 07:44:34 +01:00
parent a2b6fe1594
commit 4a09181498
3 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
RSSTootalizer/User.pm
View File

@ -19,6 +19,7 @@ sub authenticate {
return 0 unless defined($session_id); return 0 unless defined($session_id);
my $user = $class->get_by("session_id", $session_id); my $user = $class->get_by("session_id", $session_id);
return 0 unless $user; return 0 unless $user;
return 0 if $user->{data}->{session_id} eq "invalid";
my $instance = $user->{data}->{instance}; my $instance = $user->{data}->{instance};
my $token = $user->{data}->{access_token}; my $token = $user->{data}->{access_token};

10
RSSTootalizer/Website/Logout.pm
View File

@ -17,11 +17,17 @@ sub fill_content {
sub prerender { sub prerender {
my $self = shift; my $self = shift;
$self->{"template"} = "Login"; $self->{"template"} = "Logout";
$self->{"content_type"} = "html"; $self->{"content_type"} = "html";
$self->{"params"}->{"currentmode"} = "Login"; $self->{"params"}->{"currentmode"} = "Logout";
$self->{"set_cookie"} = ("session_id="); $self->{"set_cookie"} = ("session_id=");
my $user = RSSTootalizer::User->authenticate();
if ($user){
# RSSTootalizer::DB->doUPDATE("UPDATE users SET session_id = 'invalid' WHERE ID = ?", $user->{data}->{ID});
$user->{data}->{session_id} = "invalid";
$user->save();
}
} }
1; 1;

7
static/templates/Logout.html 100644
View File

@ -0,0 +1,7 @@
<TMPL_INCLUDE NAME='_header.html'>
<div class="container">
You have been successfully logged out. You can <a href="index.pl?mode=Login">Login again</a> if you like.
</div> <!-- /container -->
<TMPL_INCLUDE NAME='_footer.html'>