external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-20 02:52:11 +00:00
Code Issues Releases Wiki Activity

Add /admin/bye route for control panel token invalidation

Browse Source
This commit is contained in:
NewbieOrange 2021-07-30 00:05:12 +08:00
parent aaf46df039
commit 745f2de25f
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
management/auth.py
View File

@ -145,6 +145,11 @@ class KeyAuthService:
# Check whether the provided token in request cookie matches the one we stored for the user. # Check whether the provided token in request cookie matches the one we stored for the user.
return self.check_user_token(email, request.cookies.get("miab-cp-token"), request, env) return self.check_user_token(email, request.cookies.get("miab-cp-token"), request, env)
def remove_user_token(self, email, request, env):
# Remove the user's token from the in-memory session database.
# Returns the invalidated token if exists.
return KeyAuthService.__token_dict.pop(email)
def create_user_key(self, email, env): def create_user_key(self, email, env):
# Create a user API key, which is a shared secret that we can re-generate from # Create a user API key, which is a shared secret that we can re-generate from
# static information in our database. The shared secret contains the user's # static information in our database. The shared secret contains the user's

13
management/daemon.py
View File

@ -174,6 +174,19 @@ def me():
# Return. # Return.
return resp return resp
@app.route('/bye')
def bye():
try:
email, _, _ = auth_service.authenticate(request, env)
auth_service.remove_user_token(email, request, env)
except ValueError:
pass # Unauthorized users can logout too, simply do nothing.
finally:
resp = Response()
resp.set_cookie("miab-cp-token", expires=0) # Removes the token cookie
return resp
# MAIL # MAIL
@app.route('/mail/users') @app.route('/mail/users')