mohiit1502/Automata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(core): Prevent session hijacking (#9057)

Browse Source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
2024-04-09 11:20:35 +02:00
committed by GitHub
parent 5793e5644a
commit 28261047c3
15 changed files with 124 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/cli/src/controllers/auth.controller.ts
View File

@@ -94,7 +94,7 @@ export class AuthController {
}
}
this.authService.issueCookie(res, user);
this.authService.issueCookie(res, user, req.browserId);
void this.internalHooks.onUserLoginSuccess({
user,
authenticationMethod: usedAuthenticationMethod,

2
packages/cli/src/controllers/invitation.controller.ts
View File

@@ -164,7 +164,7 @@ export class InvitationController {
const updatedUser = await this.userRepository.save(invitee, { transaction: false });
this.authService.issueCookie(res, updatedUser);
this.authService.issueCookie(res, updatedUser, req.browserId);
void this.internalHooks.onUserSignup(updatedUser, {
user_type: 'email',

4
packages/cli/src/controllers/me.controller.ts
View File

@@ -85,7 +85,7 @@ export class MeController {
this.logger.info('User updated successfully', { userId });
this.authService.issueCookie(res, user);
this.authService.issueCookie(res, user, req.browserId);
const updatedKeys = Object.keys(payload);
void this.internalHooks.onUserUpdate({
@@ -138,7 +138,7 @@ export class MeController {
const updatedUser = await this.userRepository.save(user, { transaction: false });
this.logger.info('Password updated successfully', { userId: user.id });
this.authService.issueCookie(res, updatedUser);
this.authService.issueCookie(res, updatedUser, req.browserId);
void this.internalHooks.onUserUpdate({
user: updatedUser,

2
packages/cli/src/controllers/owner.controller.ts
View File

@@ -83,7 +83,7 @@ export class OwnerController {
this.logger.debug('Setting isInstanceOwnerSetUp updated successfully');
this.authService.issueCookie(res, owner);
this.authService.issueCookie(res, owner, req.browserId);
void this.internalHooks.onInstanceOwnerSetup({ user_id: owner.id });

2
packages/cli/src/controllers/passwordReset.controller.ts
View File

@@ -208,7 +208,7 @@ export class PasswordResetController {
this.logger.info('User password updated successfully', { userId: user.id });
this.authService.issueCookie(res, user);
this.authService.issueCookie(res, user, req.browserId);
void this.internalHooks.onUserUpdate({
user,