Commit 1e28aa55 authored by FORESTIER Fabien's avatar FORESTIER Fabien

Add XSRF-TOKEN cookie on user update and revoke it on user logout

parent 3ba5b719
1 merge request!5Version 3.0.0
Pipeline #2609 passed
...@@ -71,6 +71,14 @@ export class AuthenticationController { ...@@ -71,6 +71,14 @@ export class AuthenticationController {
httpOnly: true, httpOnly: true,
secure: true, secure: true,
}, },
).cookie(
'XSRF-TOKEN',
'',
{
domain: this._configService.config.xsrfTokenCookieDomain,
expires: new Date(0),
sameSite: 'Strict',
},
).status(HttpStatus.OK).send(true); ).status(HttpStatus.OK).send(true);
} }
...@@ -154,7 +162,15 @@ export class AuthenticationController { ...@@ -154,7 +162,15 @@ export class AuthenticationController {
httpOnly: true, httpOnly: true,
secure: true, secure: true,
}, },
).status(HttpStatus.OK).send({ userInfo: updateResult.userInfo, xsrfToken: updateResult.xsrfToken }); ).cookie(
'XSRF-TOKEN',
updateResult.xsrfToken,
{
domain: this._configService.config.xsrfTokenCookieDomain,
expires: cookieExpiresAt,
sameSite: 'Strict',
},
).status(HttpStatus.OK).send({ userInfo: updateResult.userInfo });
} catch (error) { } catch (error) {
if (error instanceof HttpException) { if (error instanceof HttpException) {
throw error; throw error;
......
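Review bot: The XSRF-TOKEN cookie written in the second hunk (`'XSRF-TOKEN'`, `updateResult.xsrfToken`, options with `domain`, `expires`, `sameSite: 'Strict'`) omits `secure: true`, while the auth cookie set just above it in the same chain carries `secure: true`, so the token is eligible to be sent over plain HTTP; add `secure: true,` next to `sameSite: 'Strict',` in that options object. The revoking cookie in the first hunk (`expires: new Date(0)`) has the same omission and should carry the same attribute set so the two cookie definitions stay in sync. The cookie is deliberately not `httpOnly`, which is consistent with a double-submit pattern where the client reads it, but that intent is worth a one-line comment such as `// readable by the client on purpose: double-submit XSRF token`. Both enclosing controller methods start and end outside the hunks, and `cookieExpiresAt` is defined outside the visible lines.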
...@@ -170,7 +170,7 @@ export class JWTTokenInfo { ...@@ -170,7 +170,7 @@ export class JWTTokenInfo {
identity_provider: string; identity_provider: string;
} }
export class UserInfoUpdateResponse { export class UserInfoUpdateServiceResponse {
@ApiModelProperty() @ApiModelProperty()
@IsString() @IsString()
jwtToken: string; jwtToken: string;
...@@ -182,6 +182,11 @@ export class UserInfoUpdateResponse { ...@@ -182,6 +182,11 @@ export class UserInfoUpdateResponse {
xsrfToken: string; xsrfToken: string;
} }
export class UserInfoUpdateResponse {
@ApiModelProperty()
userInfo: PublicUserInfo;
}
export class UserInfoWithoutPassword { export class UserInfoWithoutPassword {
@ApiModelProperty() @ApiModelProperty()
@IsString() @IsString()
......
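Review bot: Reusing the name UserInfoUpdateResponse for a new, narrower class while the former shape becomes UserInfoUpdateServiceResponse leaves two near-identical names with different contracts and no documentation distinguishing them. A TSDoc line on each would prevent the token-bearing one from being returned to a client by mistake: on UserInfoUpdateServiceResponse, `/** Service-level result of updateUserInfo; carries jwtToken and xsrfToken, which the controller moves into cookies and does not send in the body. */`, and on the new UserInfoUpdateResponse, `/** HTTP body returned after a user update: only the public user info. */`. The new class also carries no class-validator decorator on userInfo, unlike its siblings; if that is intentional for a response-only DTO, the comment could say so.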
...@@ -8,7 +8,7 @@ bluebird.promisifyAll(redis); ...@@ -8,7 +8,7 @@ bluebird.promisifyAll(redis);
import * as jwt from 'jsonwebtoken'; import * as jwt from 'jsonwebtoken';
import { import {
UserInfo, JwtInfo, LoginForm, KongUserJwtCredential, JWTTokenInfo, UserUpdateForm, UserInfoWithoutPassword, UserInfo, JwtInfo, LoginForm, KongUserJwtCredential, JWTTokenInfo, UserUpdateForm, UserInfoWithoutPassword,
PublicUserInfo, UserInfoUpdateResponse, LoginServiceResponse, PublicUserInfo, UserInfoUpdateResponse, LoginServiceResponse, UserInfoUpdateServiceResponse,
} from './authentication.model'; } from './authentication.model';
import { handleError } from '../helpers'; import { handleError } from '../helpers';
...@@ -116,7 +116,7 @@ export class AuthenticationService { ...@@ -116,7 +116,7 @@ export class AuthenticationService {
} }
} }
async updateUserInfo(token: string, form: UserUpdateForm, xsrfToken: string): Promise<UserInfoUpdateResponse> { async updateUserInfo(token: string, form: UserUpdateForm, xsrfToken: string): Promise<UserInfoUpdateServiceResponse> {
this.logger.log('Entering function', `${AuthenticationService.name} - ${this.updateUserInfo.name}`); this.logger.log('Entering function', `${AuthenticationService.name} - ${this.updateUserInfo.name}`);
try { try {
......