feature: logout when the user is invalidated (#652)

2021-04-13 14:33:21 +08:00 · 2021-04-13 14:33:21 +08:00 · 5f1c868006
parent 59366e4d3a
commit 5f1c868006
3 changed files with 24 additions and 0 deletions
--- a/src/modules/server/auth/auth.go
+++ b/src/modules/server/auth/auth.go
@ -33,6 +33,10 @@ func PostCallback(in *ssoc.CallbackOutput) error {
 	return defaultAuth.PostCallback(in)
 }

+func LogoutByUsername(username string) error {
+	return defaultAuth.LogoutByUsername(username)
+}
+
 func DeleteSession(sid string) error {
 	return defaultAuth.DeleteSession(sid)
 }
--- a/src/modules/server/auth/authenticator.go
+++ b/src/modules/server/auth/authenticator.go
@ -220,6 +220,23 @@ func (p *Authenticator) PostCallback(in *ssoc.CallbackOutput) error {
 	return nil
 }

+// LogoutByUsername
+func (p *Authenticator) LogoutByUsername(username string) error {
+	if !p.extraMode {
+		return nil
+	}
+
+	tokens := []models.Token{}
+	models.DB["sso"].SQL("select * from token where user_name=?", username).Find(&tokens)
+
+	for i := 0; i < len(tokens); i++ {
+		logger.Debugf("[logout by username] delete session by token %s %s", username, tokens[i].AccessToken)
+		deleteSessionByToken(&tokens[i])
+	}
+
+	return nil
+}
+
 // ChangePasswordRedirect check user should change password before login
 // return err when need changePassword
 func (p *Authenticator) changePasswordRedirect(in *ssoc.CallbackOutput, cf *models.AuthConfig) (err error) {
--- a/src/modules/server/http/router_user.go
+++ b/src/modules/server/http/router_user.go
@ -168,6 +168,9 @@ func userProfilePut(c *gin.Context) {
 		if target.Status == models.USER_S_ACTIVE {
 			target.LoginErrNum = 0
 		}
+		if target.Status == models.USER_S_INACTIVE {
+			auth.LogoutByUsername(target.Username)
+		}
 	}

 	if f.Organization != target.Organization {