fixed user JWT token not invalidated on logout
albogdano committed Dec 30, 2021
1 parent 0b27fdd commit c251891
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions src/main/java/com/erudika/scoold/utils/ScooldUtils.java
@@ -174,8 +174,8 @@ public final class ScooldUtils {
WHITELISTED_MACROS.put("tags", "#tagspage($tagslist)");
}

private ParaClient pc;
private LanguageUtils langutils;
private final ParaClient pc;
private final LanguageUtils langutils;
private static ScooldUtils instance;
@Inject private Emailer emailer;

@@ -1465,7 +1465,17 @@ public String getFullAvatarURL(Profile profile) {

public void clearSession(HttpServletRequest req, HttpServletResponse res) {
if (req != null) {
HttpUtils.removeStateParam(AUTH_COOKIE, req, res);
String jwt = HttpUtils.getStateParam(AUTH_COOKIE, req);
if (!StringUtils.isBlank(jwt)) {
if (Config.getConfigBoolean("security.one_session_per_user", true)) {
synchronized (pc) {
pc.setAccessToken(jwt);
pc.revokeAllTokens();
pc.signOut();
}
}
HttpUtils.removeStateParam(AUTH_COOKIE, req, res);
}
HttpUtils.removeStateParam("dark-mode", req, res);
}
}
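Review bot: In `clearSession`, if `pc.setAccessToken(jwt)` or `pc.revokeAllTokens()` throws, both `pc.signOut()` and the `AUTH_COOKIE` removal after the block are skipped, so the shared `ParaClient` would keep the user's JWT and the browser would keep its cookie. Putting the revoke in try/finally, as below, makes both cleanups unconditional. `synchronized (pc)` only excludes other code that also locks on `pc`; whether the other users of this field do so is not visible here, so a request on another thread could run with the user's token during that window. When `security.one_session_per_user` is false the token is not revoked at all and stays valid until it expires, which is worth a comment on the method.

```java
// … unchanged: req null check, jwt read from AUTH_COOKIE, isBlank guard …
try {
	if (Config.getConfigBoolean("security.one_session_per_user", true)) {
		synchronized (pc) {
			try {
				pc.setAccessToken(jwt);
				pc.revokeAllTokens();
			} finally {
				// always drop the user's token from the shared client
				pc.signOut();
			}
		}
	}
} finally {
	// the cookie is cleared even when revocation fails
	HttpUtils.removeStateParam(AUTH_COOKIE, req, res);
}
// … unchanged: dark-mode cookie removal …
```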