Merge branch 'revoke-token' into 'develop'

Revoke oAuth token on logout

Closes pleroma#952

See merge request pleroma/pleroma-fe!864
This commit is contained in:
Shpuld Shpludson 2019-07-07 18:29:36 +00:00
commit 171673113f
3 changed files with 50 additions and 9 deletions

View file

@ -48,6 +48,11 @@ module.exports = {
changeOrigin: true, changeOrigin: true,
cookieDomainRewrite: 'localhost', cookieDomainRewrite: 'localhost',
ws: true ws: true
},
'/oauth/revoke': {
target,
changeOrigin: true,
cookieDomainRewrite: 'localhost'
} }
}, },
// CSS Sourcemaps off by default because relative paths are "buggy" // CSS Sourcemaps off by default because relative paths are "buggy"

View file

@ -1,5 +1,6 @@
import backendInteractorService from '../services/backend_interactor_service/backend_interactor_service.js' import backendInteractorService from '../services/backend_interactor_service/backend_interactor_service.js'
import userSearchApi from '../services/new_api/user_search.js' import userSearchApi from '../services/new_api/user_search.js'
import oauthApi from '../services/new_api/oauth.js'
import { compact, map, each, merge, last, concat, uniq } from 'lodash' import { compact, map, each, merge, last, concat, uniq } from 'lodash'
import { set } from 'vue' import { set } from 'vue'
import { registerPushNotifications, unregisterPushNotifications } from '../services/push/push.js' import { registerPushNotifications, unregisterPushNotifications } from '../services/push/push.js'
@ -397,14 +398,34 @@ const users = {
}, },
logout (store) { logout (store) {
store.commit('clearCurrentUser') const { oauth, instance } = store.rootState
store.dispatch('disconnectFromChat')
store.commit('clearToken') const data = {
store.dispatch('stopFetching', 'friends') ...oauth,
store.commit('setBackendInteractor', backendInteractorService(store.getters.getToken())) commit: store.commit,
store.dispatch('stopFetching', 'notifications') instance: instance.server
store.commit('clearNotifications') }
store.commit('resetStatuses')
return oauthApi.getOrCreateApp(data)
.then((app) => {
const params = {
app,
instance: data.instance,
token: oauth.userToken
}
return oauthApi.revokeToken(params)
})
.then(() => {
store.commit('clearCurrentUser')
store.dispatch('disconnectFromChat')
store.commit('clearToken')
store.dispatch('stopFetching', 'friends')
store.commit('setBackendInteractor', backendInteractorService(store.getters.getToken()))
store.dispatch('stopFetching', 'notifications')
store.commit('clearNotifications')
store.commit('resetStatuses')
})
}, },
loginUser (store, accessToken) { loginUser (store, accessToken) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {

View file

@ -125,13 +125,28 @@ const verifyRecoveryCode = ({app, instance, mfaToken, code}) => {
}).then((data) => data.json()) }).then((data) => data.json())
} }
const revokeToken = ({ app, instance, token }) => {
const url = `${instance}/oauth/revoke`
const form = new window.FormData()
form.append('client_id', app.clientId)
form.append('client_secret', app.clientSecret)
form.append('token', token)
return window.fetch(url, {
method: 'POST',
body: form
}).then((data) => data.json())
}
const oauth = { const oauth = {
login, login,
getToken, getToken,
getTokenWithCredentials, getTokenWithCredentials,
getOrCreateApp, getOrCreateApp,
verifyOTPCode, verifyOTPCode,
verifyRecoveryCode verifyRecoveryCode,
revokeToken
} }
export default oauth export default oauth