diff --git a/backend/src/app/http/session.clj b/backend/src/app/http/session.clj
index 462e86c62..75f7989b7 100644
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@@ -72,7 +72,10 @@
 (do
 (a/>!! (::events-ch cfg) id)
 (l/update-thread-context! {:profile-id profile-id})
- (handler (assoc request :profile-id profile-id)))
+ (-> request
+ (assoc :profile-id profile-id)
+ (assoc :session-id id)
+ (handler)))
 (handler request))))
 ;; --- STATE INIT: SESSION
diff --git a/backend/src/app/rpc.clj b/backend/src/app/rpc.clj
index 13c9089cc..97510cc0f 100644
--- a/backend/src/app/rpc.clj
+++ b/backend/src/app/rpc.clj
@@ -30,7 +30,7 @@
 response)
 (defn- rpc-query-handler
- [methods {:keys [profile-id] :as request}]
+ [methods {:keys [profile-id session-id] :as request}]
 (let [type (keyword (get-in request [:path-params :type]))
 data (merge (:params request)
@@ -39,7 +39,7 @@
 {::request request})
 data (if profile-id
- (assoc data :profile-id profile-id)
+ (assoc data :profile-id profile-id ::session-id session-id)
 (dissoc data :profile-id))
 result ((get methods type default-handler) data)
@@ -50,7 +50,7 @@
 ((:transform-response mdata) request))))
 (defn- rpc-mutation-handler
- [methods {:keys [profile-id] :as request}]
+ [methods {:keys [profile-id session-id] :as request}]
 (let [type (keyword (get-in request [:path-params :type]))
 data (merge (:params request)
 (:body-params request)
@@ -58,7 +58,7 @@
 {::request request})
 data (if profile-id
- (assoc data :profile-id profile-id)
+ (assoc data :profile-id profile-id ::session-id session-id)
 (dissoc data :profile-id))
 result ((get methods type default-handler) data)
diff --git a/backend/src/app/rpc/mutations/fonts.clj b/backend/src/app/rpc/mutations/fonts.clj
index b9682dad2..ff9727d42 100644
--- a/backend/src/app/rpc/mutations/fonts.clj
+++ b/backend/src/app/rpc/mutations/fonts.clj
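Review bot: The new `:session-id` key in session.clj puts the session identifier on the request map that every downstream handler receives, and nothing in the hunk says how sensitive that value is. Where `id` comes from is outside the hunk; if it is the value the client presents to authenticate, anything that logs or serialises the request now captures a live credential. A comment above the threading form would make that explicit, for example `;; :session-id identifies the live session; keep it out of logs and error reports`. The enclosing function starts and ends outside this hunk.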
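Review bot: In `rpc-query-handler` the unauthenticated branch still reads `(dissoc data :profile-id)`, so a `::session-id` key that arrived through the merged `(:params request)` is left in `data`; the same applies to the matching hunk in `rpc-mutation-handler`. The existing dissoc shows that identity keys from the client are treated as untrusted, and the new key deserves the same treatment: `(dissoc data :profile-id ::session-id)`. Whether a client can actually submit a namespaced key depends on parameter decoding that is not visible here. Both handler bodies continue outside their hunks.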
@@ -48,7 +48,6 @@ (let [data (media/run cfg {:cmd :generate-fonts :input data :rlimit :font}) storage (media/configure-assets-storage storage conn) - otf (when-let [fdata (get data "font/otf")] (sto/put-object storage {:content (sto/content fdata) :content-type "font/otf"})) diff --git a/backend/src/app/rpc/mutations/profile.clj b/backend/src/app/rpc/mutations/profile.clj index 45c2bb5bd..619b7f07d 100644 --- a/backend/src/app/rpc/mutations/profile.clj +++ b/backend/src/app/rpc/mutations/profile.clj @@ -367,6 +367,7 @@ (declare validate-password!) (declare update-profile-password!) +(declare invalidate-profile-session!) (s/def ::update-profile-password (s/keys :req-un [::profile-id ::password ::old-password])) @@ -374,8 +375,10 @@ (sv/defmethod ::update-profile-password {:rlimit :password} [{:keys [pool] :as cfg} {:keys [password] :as params}] (db/with-atomic [conn pool] - (let [profile (validate-password! conn params)] + (let [profile (validate-password! conn params) + session-id (:app.rpc/session-id params)] (update-profile-password! conn (assoc profile :password password)) + (invalidate-profile-session! conn (:id profile) session-id) nil))) (defn- validate-password! @@ -392,6 +395,11 @@ {:password (derive-password password)} {:id id})) +(defn- invalidate-profile-session! + "Removes all sessions except the current one." + [conn profile-id session-id] + (let [sql "delete from http_session where profile_id = ? and id != ?"] + (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id])))) ;; --- MUTATION: Update Photo diff --git a/frontend/src/app/main/ui/settings/password.cljs b/frontend/src/app/main/ui/settings/password.cljs index f0b6a3223..6c0f67221 100644 --- a/frontend/src/app/main/ui/settings/password.cljs +++ b/frontend/src/app/main/ui/settings/password.cljs 
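Review bot: `invalidate-profile-session!`, added in the last profile.clj hunk, deletes nothing when `session-id` is nil, because `id != ?` compared against NULL is never true; `update-profile-password` reads the value with `(:app.rpc/session-id params)` and passes it on unchecked. That case arises whenever a request carries `:profile-id` without `:session-id`, since the rpc.clj handlers key the assoc on `profile-id` alone, and the password change then succeeds while every other session stays valid. Failing closed is safer: if the database supports it (PostgreSQL does), `"delete from http_session where profile_id = ? and id is distinct from ?"` removes all of the profile's sessions in that case; otherwise branch on nil in Clojure. The surrounding `validate-password!` and `update-profile-password!` definitions are only partly visible in these hunks.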
@@ -19,11 +19,10 @@ (defn- on-error [form error] (case (:code error) - :app.services.mutations.profile/old-password-not-match + :old-password-not-match (swap! form assoc-in [:errors :password-old] {:message (tr "errors.wrong-old-password")}) - :else (let [msg (tr "generic.error")] (st/emit! (dm/error msg)))))