Merge pull request '5863_logout_remove_session' (!40) from 5863_logout_remove_session into test

Reviewed-on: #40
Reviewed-by: Juan Ferrer <juan@verdnatura.es>
Alex Moreno 2023-07-14 11:04:56 +00:00
commit 7bb067223a
5 changed files with 16 additions and 10 deletions

2
debian/changelog vendored

@ -1,4 +1,4 @@
hedera-web (23.6.17) stable; urgency=low
hedera-web (23.6.18) stable; urgency=low
* Initial Release.


@ -86,6 +86,7 @@ module.exports = new Class({
headers: {'Authorization': token}
};
await this.post('Accounts/logout', null, config);
await this.send('user/logout');
}
},
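Review bot: If `this.post('Accounts/logout', null, config)` rejects, the added `await this.send('user/logout');` is never reached and the PHP session keeps its `user` entry, which is the situation this change sets out to cover. Running the second call in a `finally` makes the local cleanup unconditional: `try { await this.post('Accounts/logout', null, config); } finally { await this.send('user/logout'); }`. Whether `post` rejects on an HTTP error is not visible here, and the enclosing method starts above the hunk, so this should be checked against the caller's error handling.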


@ -1,6 +1,6 @@
{
"name": "hedera-web",
"version": "23.6.17",
"version": "23.6.18",
"description": "Verdnatura web page",
"license": "GPL-3.0",
"repository": {

7
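--- /dev/null
+++ b/rest/user/logout.php
@@ -0,0 +1,7 @@
+<?php
+class Logout extends Vn\Web\JsonRequest {
+function run($db) {
+$_SESSION['user'] = null;
+}
+}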
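Review bot: `$_SESSION['user'] = null;` in `run()` clears one key but leaves the session itself alive, so the session ID stays valid and other entries such as `$_SESSION['access']` (read in `Service`) survive the logout. For a logout endpoint I would expect the session to be torn down, e.g. `session_unset(); session_destroy();`, or at minimum `session_regenerate_id(true);` after clearing the user. If the visit tracking relies on keeping `access`, a comment should say so. The same single-key reset is repeated in the two failure branches added to `Service` (the hunks at -161 and -178), so a small shared helper would keep the three places consistent.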


@ -150,9 +150,6 @@ abstract class Service {
if (!empty($_GET['access_token']))
$token = $_GET['access_token'];
error_log("Start login logs\n");
error_log("_SERVER_HTTP_AUTHORIZATION: " . $_SERVER['HTTP_AUTHORIZATION'] . " _GET_Access_token: " . $_GET['access_token'] . "EndLine\n");
if (isset($token)) {
$userId = $db->getValue(
'SELECT userId FROM salix.AccessToken
@ -161,8 +158,10 @@ abstract class Service {
[$token]
);
if (!$userId)
if (!$userId) {
$_SESSION['user'] = null;
throw new SessionExpiredException();
}
$anonymousUser = FALSE;
$user = $db->getValue(
@ -178,11 +177,12 @@ abstract class Service {
[$user]
);
if (!$isActive)
if (!$isActive) {
$_SESSION['user'] = null;
throw new UserDisabledException();
}
}
error_log("user: " . $user . "EndLine\n");
$db->query('CALL account.myUser_loginWithName(#)', [$user]);
$userChanged = !$anonymousUser
@ -191,8 +191,6 @@ abstract class Service {
$_SESSION['user'] = $user;
// Registering the user access
error_log("SESSION_Access: " . $_SESSION['access'] . " _userChanged: " . $userChanged . " _SESSION_User: " . $_SESSION['user'] . "EndLine\n");
error_log("End login logs\n");
if (isset($_SESSION['access']) && $userChanged)
$db->query(
'CALL visitUser_new(#, #)',
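Review bot: The token is still accepted from the query string (`$_GET['access_token']` in the first hunk), so although this commit drops the `error_log` lines that printed it, the same value will keep reaching web-server access logs, browser history and Referer headers. If clients can send it in the `Authorization` header only, the `$_GET` fallback could be removed, or at least marked with `// Deprecated: tokens in URLs leak via access logs; prefer the Authorization header`. Separately, `$_SESSION['user'] = $user;` in the last hunk assigns the identity with no visible `session_regenerate_id(true);`. The method starts and ends outside these hunks, so that call may already exist elsewhere and is worth confirming.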