diff options
| author | =Corey Hulen <corey@hulen.com> | 2015-10-01 17:52:47 -0700 |
|---|---|---|
| committer | =Corey Hulen <corey@hulen.com> | 2015-10-01 17:52:47 -0700 |
| commit | 430806301da06e927b8d7d6dcba20ea4b6b6d6c1 (patch) | |
| tree | 8a457efc7d5570679c3a2ae607b0a52f79cfa981 /api/user.go | |
| parent | 013df9f6614fcf8816dc29bc8f07d05a605e47e0 (diff) | |
| download | chat-430806301da06e927b8d7d6dcba20ea4b6b6d6c1.tar.gz chat-430806301da06e927b8d7d6dcba20ea4b6b6d6c1.tar.bz2 chat-430806301da06e927b8d7d6dcba20ea4b6b6d6c1.zip | |
PLT-44 allow team switching without the need to login
Diffstat (limited to 'api/user.go')
| -rw-r--r-- | api/user.go | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/api/user.go b/api/user.go index ed3576a30..2d7dd9ab1 100644 --- a/api/user.go +++ b/api/user.go @@ -394,6 +394,41 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User, http.SetCookie(w, sessionCookie) + multiToken := "" + if originalMultiSessionCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil { + multiToken = originalMultiSessionCookie.Value + } + + // Attempt to clean all the old tokens or duplicate tokens + if len(multiToken) > 0 { + tokens := strings.Split(multiToken, " ") + + multiToken = "" + seen := make(map[string]string) + seen[session.TeamId] = session.TeamId + for _, token := range tokens { + if sr := <-Srv.Store.Session().Get(token); sr.Err == nil { + s := sr.Data.(*model.Session) + if !s.IsExpired() && seen[s.TeamId] == "" { + multiToken += " " + token + seen[s.TeamId] = s.TeamId + } + } + } + } + + multiToken = strings.TrimSpace(session.Token + " " + multiToken) + + multiSessionCookie := &http.Cookie{ + Name: model.MULTI_SESSION_TOKEN, + Value: multiToken, + Path: "/", + MaxAge: maxAge, + HttpOnly: true, + } + + http.SetCookie(w, multiSessionCookie) + c.Session = *session c.LogAuditWithUserId(user.Id, "success") } @@ -514,7 +549,7 @@ func logout(c *Context, w http.ResponseWriter, r *http.Request) { func Logout(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("") - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) if result := <-Srv.Store.Session().Remove(c.Session.Id); result.Err != nil { c.Err = result.Err return @@ -529,7 +564,7 @@ func getMe(c *Context, w http.ResponseWriter, r *http.Request) { if result := <-Srv.Store.User().Get(c.Session.UserId); result.Err != nil { c.Err = result.Err - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId) return } else if HandleEtag(result.Data.(*model.User).Etag(), w, r) { |