This is an automated email from the ASF dual-hosted git repository.

dahn pushed a commit to tag 4.19.1.2
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit 8a2f6528f1ebfc3fd4b8fddcf06628f4f5a45126
Author: Daan Hoogland <d...@onecht.net>
AuthorDate: Wed Aug 28 15:22:29 2024 +0200

    Session Token Invalidation on Logout
---
 server/src/main/java/com/cloud/api/ApiServlet.java | 27 ++++++++++++----------
 ui/src/api/index.js                                |  1 -
 ui/src/store/modules/user.js                       | 11 +++++----
 3 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/server/src/main/java/com/cloud/api/ApiServlet.java 
b/server/src/main/java/com/cloud/api/ApiServlet.java
index f6f46419c04..e719238afef 100644
--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -260,19 +260,22 @@ public class ApiServlet extends HttpServlet {
                     }
 
                     if (apiAuthenticator.getAPIType() == 
APIAuthenticationType.LOGOUT_API) {
-                        if (session != null) {
-                            final Long userId = (Long) 
session.getAttribute("userid");
-                            final Account account = (Account) 
session.getAttribute("accountobj");
-                            Long accountId = null;
-                            if (account != null) {
-                                accountId = account.getId();
-                            }
-                            auditTrailSb.insert(0, "(userId=" + userId + " 
accountId=" + accountId + " sessionId=" + session.getId() + ")");
-                            if (userId != null) {
-                                apiServer.logoutUser(userId);
-                            }
-                            invalidateHttpSession(session, "invalidating 
session after logout call");
+                        if (session == null) {
+                            throw new 
ServerApiException(ApiErrorCode.PARAM_ERROR, "Session not found for the logout 
process.");
                         }
+
+                        final Long userId = (Long) 
session.getAttribute("userid");
+                        final Account account = (Account) 
session.getAttribute("accountobj");
+                        Long accountId = null;
+                        if (account != null) {
+                            accountId = account.getId();
+                        }
+                        auditTrailSb.insert(0, "(userId=" + userId + " 
accountId=" + accountId + " sessionId=" + session.getId() + ")");
+                        if (userId != null) {
+                            apiServer.logoutUser(userId);
+                        }
+                        invalidateHttpSession(session, "invalidating session 
after logout call");
+
                         final Cookie[] cookies = req.getCookies();
                         if (cookies != null) {
                             for (final Cookie cookie : cookies) {
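Review bot: Throwing on `session == null` makes the cookie loop at the end of the hunk (`req.getCookies()`, body outside the hunk) unreachable in that case, whereas the removed branch let it run unconditionally; a client that sends stale cookies without a live server session now gets an error and keeps those cookies. If that loop expires the session cookies, consider running it before the null check, or expiring them inside the null branch before the throw, so a logout from an already-expired session still clears client-side state. The audit-trail entry is also skipped on that path, so the rejected logout is only visible through the exception. The enclosing method starts and ends outside the hunk.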
diff --git a/ui/src/api/index.js b/ui/src/api/index.js
index 1db41661276..14432010738 100644
--- a/ui/src/api/index.js
+++ b/ui/src/api/index.js
@@ -65,7 +65,6 @@ export function login (arg) {
 }
 
 export function logout () {
-  sourceToken.cancel()
   message.destroy()
   notification.destroy()
   return api('logout')
diff --git a/ui/src/store/modules/user.js b/ui/src/store/modules/user.js
index fb5b6ff5e0b..08a0c340c64 100644
--- a/ui/src/store/modules/user.js
+++ b/ui/src/store/modules/user.js
@@ -24,6 +24,7 @@ import router from '@/router'
 import store from '@/store'
 import { oauthlogin, login, logout, api } from '@/api'
 import { i18n } from '@/locales'
+import { sourceToken } from '@/utils/request'
 
 import {
   ACCESS_TOKEN,
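Review bot: The added `import { sourceToken } from '@/utils/request'` is not used by any line in this diff, while the only `sourceToken.cancel()` call in the commit is the one deleted from `logout()` in ui/src/api/index.js. Unless an existing statement in user.js outside these hunks already calls it, the import is dead and in-flight request cancellation on logout has been dropped rather than moved. If the intent was to cancel pending requests only after the logout request has completed, the call belongs in the new `.finally` block next to the cookie removal, e.g. `sourceToken.cancel()`; otherwise the import should be removed.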
@@ -374,11 +375,6 @@ const user = {
           cloudianUrl = state.cloudian.url + 'logout.htm?redirect=' + 
encodeURIComponent(window.location.href)
         }
 
-        Object.keys(Cookies.get()).forEach(cookieName => {
-          Cookies.remove(cookieName)
-          Cookies.remove(cookieName, { path: '/client' })
-        })
-
         commit('SET_TOKEN', '')
         commit('SET_APIS', {})
         commit('SET_PROJECT', {})
@@ -406,6 +402,11 @@ const user = {
           }
         }).catch(() => {
           resolve()
+        }).finally(() => {
+          Object.keys(Cookies.get()).forEach(cookieName => {
+            Cookies.remove(cookieName)
+            Cookies.remove(cookieName, { path: '/client' })
+          })
         })
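Review bot: The reason the cookie removal moved from before the `logout()` call into `.finally` is not recorded in the code; presumably the server needs the session cookies on the logout request to locate and invalidate the session (the ApiServlet hunk in this commit now rejects a logout without a session), and a later cleanup could easily move it back. A one-line comment above the `Object.keys(Cookies.get())` loop would pin that down, e.g. `// Remove cookies only after the logout request has completed: the server needs them to invalidate the session`. Since `.finally` also runs after the `.catch` branch, a failed logout call still clears client cookies, which looks intended but is worth stating in the same comment. The enclosing action starts outside the hunk.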
       })
     },
