commit: 171673113fd353666ae9b593abec8f64ec9ea6ef
parent: c8794b2b840e628687342c0fade2da4a9fd2cd12
Author: Shpuld Shpludson <shp@cock.li>
Date: Sun, 7 Jul 2019 18:29:36 +0000
Merge branch 'revoke-token' into 'develop'
Revoke oAuth token on logout
Closes pleroma#952
See merge request pleroma/pleroma-fe!864
Diffstat:
3 files changed, 50 insertions(+), 9 deletions(-)
diff --git a/config/index.js b/config/index.js
@@ -48,6 +48,11 @@ module.exports = {
changeOrigin: true,
cookieDomainRewrite: 'localhost',
ws: true
+ },
+ '/oauth/revoke': {
+ target,
+ changeOrigin: true,
+ cookieDomainRewrite: 'localhost'
}
},
// CSS Sourcemaps off by default because relative paths are "buggy"
diff --git a/src/modules/users.js b/src/modules/users.js
@@ -1,5 +1,6 @@
import backendInteractorService from '../services/backend_interactor_service/backend_interactor_service.js'
import userSearchApi from '../services/new_api/user_search.js'
+import oauthApi from '../services/new_api/oauth.js'
import { compact, map, each, merge, last, concat, uniq } from 'lodash'
import { set } from 'vue'
import { registerPushNotifications, unregisterPushNotifications } from '../services/push/push.js'
@@ -397,14 +398,34 @@ const users = {
},
logout (store) {
- store.commit('clearCurrentUser')
- store.dispatch('disconnectFromChat')
- store.commit('clearToken')
- store.dispatch('stopFetching', 'friends')
- store.commit('setBackendInteractor', backendInteractorService(store.getters.getToken()))
- store.dispatch('stopFetching', 'notifications')
- store.commit('clearNotifications')
- store.commit('resetStatuses')
+ const { oauth, instance } = store.rootState
+
+ const data = {
+ ...oauth,
+ commit: store.commit,
+ instance: instance.server
+ }
+
+ return oauthApi.getOrCreateApp(data)
+ .then((app) => {
+ const params = {
+ app,
+ instance: data.instance,
+ token: oauth.userToken
+ }
+
+ return oauthApi.revokeToken(params)
+ })
+ .then(() => {
+ store.commit('clearCurrentUser')
+ store.dispatch('disconnectFromChat')
+ store.commit('clearToken')
+ store.dispatch('stopFetching', 'friends')
+ store.commit('setBackendInteractor', backendInteractorService(store.getters.getToken()))
+ store.dispatch('stopFetching', 'notifications')
+ store.commit('clearNotifications')
+ store.commit('resetStatuses')
+ })
},
loginUser (store, accessToken) {
return new Promise((resolve, reject) => {
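Review bot: The local session cleanup in `logout` now runs only in the final `.then`, so if `getOrCreateApp` or `revokeToken` rejects (instance unreachable, network error), `clearToken` and `clearCurrentUser` are never committed; the chain has no rejection handler. The user then stays logged in on this device with the token still in the store, which is the wrong failure mode for a logout on a shared machine. Revocation should be best-effort and the cleanup unconditional, for example by inserting `.catch((err) => { console.warn('token revocation failed', err) })` immediately before the last `.then(() => {`. The enclosing `users` module starts and ends outside this hunk.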
diff --git a/src/services/new_api/oauth.js b/src/services/new_api/oauth.js
@@ -125,13 +125,28 @@ const verifyRecoveryCode = ({app, instance, mfaToken, code}) => {
}).then((data) => data.json())
}
+const revokeToken = ({ app, instance, token }) => {
+ const url = `${instance}/oauth/revoke`
+ const form = new window.FormData()
+
+ form.append('client_id', app.clientId)
+ form.append('client_secret', app.clientSecret)
+ form.append('token', token)
+
+ return window.fetch(url, {
+ method: 'POST',
+ body: form
+ }).then((data) => data.json())
+}
+
const oauth = {
login,
getToken,
getTokenWithCredentials,
getOrCreateApp,
verifyOTPCode,
- verifyRecoveryCode
+ verifyRecoveryCode,
+ revokeToken
}
export default oauth
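Review bot: `revokeToken` hands the response straight to `data.json()` without checking the HTTP status, so a 4xx/5xx from `/oauth/revoke` resolves like a success and the caller treats a still-valid token as revoked. Check the status before parsing, e.g. `.then((response) => { if (!response.ok) throw new Error('revoke failed: ' + response.status); return response.json() })`. It is also worth confirming that the backend always returns a JSON body on this endpoint; if the revoke response body is empty, `json()` rejects even though the token was revoked. A one-line comment above the function, such as `// Revokes the access token server-side; rejects on a non-2xx response`, would document the contract for callers.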