extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-02-04 12:39:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix inactivity detection followed by logout - Fixes #267

Browse Source
This commit is contained in:
Bubka 2024-03-06 08:40:29 +01:00
parent 214c1c2349
commit 9519d5838c
3 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Kernel.php
View File

@ -48,8 +48,8 @@ class Kernel extends HttpKernel
\App\Http\Middleware\VerifyCsrfToken::class, \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class, \Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\Authenticate::class, \App\Http\Middleware\Authenticate::class,
\App\Http\Middleware\LogUserLastSeen::class,
\App\Http\Middleware\KickOutInactiveUser::class, \App\Http\Middleware\KickOutInactiveUser::class,
\App\Http\Middleware\LogUserLastSeen::class,
\App\Http\Middleware\SetLanguage::class, \App\Http\Middleware\SetLanguage::class,
\App\Http\Middleware\CustomCreateFreshApiToken::class, \App\Http\Middleware\CustomCreateFreshApiToken::class,
], ],

5
app/Http/Middleware/KickOutInactiveUser.php
View File

@ -38,11 +38,8 @@ public function handle($request, Closure $next, ...$guards)
if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) { if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
$user->last_seen_at = $now->format('Y-m-d H:i:s'); $user->last_seen_at = $now->format('Y-m-d H:i:s');
$user->save(); $user->save();
Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id)); Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id));
if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) { Auth::guard('web-guard')->logout();
Auth::logout();
}
return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT); return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT);
} }

18
resources/js/services/httpClientFactory.js vendored
View File

@ -52,6 +52,15 @@ export const httpClientFactory = (endpoint = 'api') => {
return httpClient.request(originalRequestConfig) return httpClient.request(originalRequestConfig)
} }
// api calls are stateless so when user inactivity is detected
// by the backend middleware, it cannot logout the user directly
// so it returns a 418 response.
// We catch the 418 response and log the user out
if (error.response.status === 418) {
const user = useUserStore()
user.logout({ kicked: true})
}
if (error.response && [407].includes(error.response.status)) { if (error.response && [407].includes(error.response.status)) {
useNotifyStore().error(error) useNotifyStore().error(error)
return new Promise(() => {}) return new Promise(() => {})
@ -78,15 +87,6 @@ export const httpClientFactory = (endpoint = 'api') => {
return new Promise(() => {}) return new Promise(() => {})
} }
// api calls are stateless so when user inactivity is detected
// by the backend middleware, it cannot logout the user directly
// so it returns a 418 response.
// We catch the 418 response and log the user out
if (error.response.status === 418) {
const user = useUserStore()
user.logout({ kicked: true})
}
useNotifyStore().error(error) useNotifyStore().error(error)
return new Promise(() => {}) return new Promise(() => {})
} }