From fe95276ba849bc7a520087369eea0aaff6c92358 Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Thu, 4 May 2017 16:36:31 -0400
Subject: PLT-6492 Use new cookie to determine if user is logged in (#6317)
* Use new cookie to determine if user is logged in
* Add temporary code for 3.9 to prevent forced re-login
---
 api/context.go | 22 ++++++++++++++++++++++
 app/login.go | 10 ++++++++++
 model/session.go | 1 +
 webapp/actions/global_actions.jsx | 2 +-
 webapp/actions/user_actions.jsx | 3 ---
 webapp/root.jsx | 7 ++-----
 webapp/store/index.js | 6 +++---
 7 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/api/context.go b/api/context.go
index 117fff708..f8953f547 100644
--- a/api/context.go
+++ b/api/context.go
@@ -185,6 +185,20 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 }
+ // TEMPORARY CODE FOR 3.9, REMOVE FOR 3.10
+ if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil && c.Session.UserId != "" {
+ if _, err = r.Cookie(model.SESSION_COOKIE_USER); err != nil {
+ http.SetCookie(w, &http.Cookie{
+ Name: model.SESSION_COOKIE_USER,
+ Value: c.Session.UserId,
+ Path: "/",
+ MaxAge: cookie.MaxAge,
+ Expires: cookie.Expires,
+ Secure: cookie.Secure,
+ })
+ }
+ }
+
 if h.isApi || h.isTeamIndependent {
 c.setTeamURL(c.GetSiteURLHeader(), false)
 c.Path = r.URL.Path
@@ -357,7 +371,15 @@ func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
 HttpOnly: true,
 }
+ userCookie := &http.Cookie{
+ Name: model.SESSION_COOKIE_USER,
+ Value: "",
+ Path: "/",
+ MaxAge: -1,
+ }
+
 http.SetCookie(w, cookie)
+ http.SetCookie(w, userCookie)
 }
 func (c *Context) SetInvalidParam(where string, name string) {
diff --git a/app/login.go b/app/login.go
index 4c7ab8474..4f9284140 100644
--- a/app/login.go
+++ b/app/login.go
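Review bot: In the temporary backfill block in ServeHTTP, `cookie.MaxAge`, `cookie.Expires` and `cookie.Secure` are always zero values, because `r.Cookie` parses the request's Cookie header and that header carries only the cookie name and value. The MMUSERID cookie set here is therefore a session cookie without the Secure flag, unlike the one DoLogin issues, and the browser will send it over plain HTTP if the site is reachable that way. Take the lifetime and the Secure setting from server-side state, the way DoLogin uses `maxAge`, `expiresAt` and `secure`, rather than from the incoming cookie. ServeHTTP starts and ends outside the hunk.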
@@ -122,7 +122,17 @@ func DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId
 Secure: secure,
 }
+ userCookie := &http.Cookie{
+ Name: model.SESSION_COOKIE_USER,
+ Value: user.Id,
+ Path: "/",
+ MaxAge: maxAge,
+ Expires: expiresAt,
+ Secure: secure,
+ }
+
 http.SetCookie(w, sessionCookie)
+ http.SetCookie(w, userCookie)
 return session, nil
 }
diff --git a/model/session.go b/model/session.go
index 90cebe59d..38d1c91f1 100644
--- a/model/session.go
+++ b/model/session.go
@@ -11,6 +11,7 @@ import (
 const (
 SESSION_COOKIE_TOKEN = "MMAUTHTOKEN"
+ SESSION_COOKIE_USER = "MMUSERID"
 SESSION_CACHE_SIZE = 35000
 SESSION_PROP_PLATFORM = "platform"
 SESSION_PROP_OS = "os"
diff --git a/webapp/actions/global_actions.jsx b/webapp/actions/global_actions.jsx
index 8d3eddfd9..ed434fdc7 100644
--- a/webapp/actions/global_actions.jsx
+++ b/webapp/actions/global_actions.jsx
@@ -457,7 +457,7 @@ export function clientLogout(redirectTo = '/') {
 ChannelStore.clear();
 stopPeriodicStatusUpdates();
 WebsocketActions.close();
- localStorage.removeItem('currentUserId');
+ document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
 window.location.href = redirectTo;
 }
diff --git a/webapp/actions/user_actions.jsx b/webapp/actions/user_actions.jsx
index 8dfc819b9..377a11020 100644
--- a/webapp/actions/user_actions.jsx
+++ b/webapp/actions/user_actions.jsx
@@ -51,8 +51,6 @@ import {getTeamMembersByIds, getMyTeamMembers} from 'mattermost-redux/actions/te
 export function loadMe(callback) {
 loadMeRedux()(dispatch, getState).then(
 () => {
- localStorage.setItem('currentUserId', UserStore.getCurrentId());
-
 if (callback) {
 callback();
 }
@@ -741,7 +739,6 @@ export function webLogin(loginId, password, token, success, error) {
 login(loginId, password, token)(dispatch, getState).then(
 (ok) => {
 if (ok && success) {
- localStorage.setItem('currentUserId', UserStore.getCurrentId());
 success();
 } else if (!ok && error) {
 const serverError = getState().requests.users.login.error;
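Review bot: `userCookie` in DoLogin is created without HttpOnly, and nothing in the code says that this is intentional; the session cookie appears to be HttpOnly, since RemoveSessionCookie clears it with `HttpOnly: true`. Because the web client reads this cookie through `document.cookie`, add a comment above it such as `// MMUSERID is readable by script on purpose: it is only a login hint for the web client and must never be accepted as proof of identity; MMAUTHTOKEN stays the sole credential.` That keeps a later handler from trusting a value any client can set. DoLogin begins outside the hunk.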
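Review bot: The cookie deletion added in clientLogout omits a path, so it does not match the cookie the server sets with `Path: "/"` whenever the current page is below the root: `document.cookie` then defaults the path to the page's directory and the stale MMUSERID stays in place. Write `document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/';` instead. The same line is added in webapp/store/index.js and needs the same fix. A leftover cookie makes preRenderSetup in root.jsx treat a logged-out browser as logged in.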
diff --git a/webapp/root.jsx b/webapp/root.jsx
index 03595f85c..94645b661 100644
--- a/webapp/root.jsx
+++ b/webapp/root.jsx
@@ -13,7 +13,6 @@ import PDFJS from 'pdfjs-dist';
 import * as Websockets from 'actions/websocket_actions.jsx';
 import {loadMeAndConfig} from 'actions/user_actions.jsx';
 import ChannelStore from 'stores/channel_store.jsx';
-import UserStore from 'stores/user_store.jsx';
 import * as I18n from 'i18n/i18n.jsx';
 // Import our styles
@@ -61,9 +60,7 @@ function preRenderSetup(callwhendone) {
 setUrl(window.location.origin);
- const currentUserId = localStorage.getItem('currentUserId');
-
- if (currentUserId) {
+ if (document.cookie.indexOf('MMUSERID=') > -1) {
 loadMeAndConfig(() => d1.resolve());
 } else {
 getClientConfig()(store.dispatch, store.getState).then(
@@ -85,7 +82,7 @@ function preRenderSetup(callwhendone) {
 () => {
 // Turn off to prevent getting stuck in a loop
 $(window).off('beforeunload');
- if (UserStore.getCurrentUser()) {
+ if (document.cookie.indexOf('MMUSERID=') > -1) {
 viewChannel('', ChannelStore.getCurrentId() || '')(dispatch, getState);
 }
 Websockets.close();
diff --git a/webapp/store/index.js b/webapp/store/index.js
index 1af7127e8..521181f8c 100644
--- a/webapp/store/index.js
+++ b/webapp/store/index.js
@@ -77,6 +77,9 @@ export default function configureStore(initialState) {
 persistor.purge();
+ document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
+ window.location.href = '/';
+
 store.dispatch(batchActions([
 {
 type: General.OFFLINE_STORE_RESET,
@@ -84,9 +87,6 @@ export default function configureStore(initialState) {
 }
 ]));
- localStorage.removeItem('currentUserId');
- window.location.href = '/';
-
 setTimeout(() => {
 purging = false;
 }, 500);
-- cgit v1.2.3-1-g7c22
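Review bot: `document.cookie.indexOf('MMUSERID=') > -1` in preRenderSetup is a substring test, so it is also true for any other cookie whose name ends in MMUSERID, for that text inside another cookie's value, and for an empty `MMUSERID=`. Match the cookie name exactly and require a non-empty value through one small helper, and use it in the beforeunload hunk as well, which repeats the same expression. The name is hard-coded here while the server defines it as `SESSION_COOKIE_USER`, so a comment tying the two together would help. preRenderSetup continues outside both hunks.

```javascript
// Keep the name in sync with model.SESSION_COOKIE_USER on the server.
function hasUserIdCookie() {
    return document.cookie.split(';').some((pair) => {
        const [name, value] = pair.trim().split('=');
        return name === 'MMUSERID' && Boolean(value);
    });
}

// … unchanged: setUrl(window.location.origin) …
if (hasUserIdCookie()) {
```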