mirror of
https://github.com/plankanban/planka.git
synced 2025-07-22 14:49:43 +02:00
feat: Additional httpOnly token for enhanced security in browsers
This commit is contained in:
parent
d4043c9726
commit
50519f1bcd
18 changed files with 171 additions and 48 deletions
|
@ -48,7 +48,7 @@ module.exports = {
|
|||
},
|
||||
|
||||
async fn(inputs) {
|
||||
const { currentUser } = this.req;
|
||||
const { currentSession, currentUser } = this.req;
|
||||
|
||||
if (inputs.id === currentUser.id) {
|
||||
if (!inputs.currentPassword) {
|
||||
|
@ -89,10 +89,14 @@ module.exports = {
|
|||
}
|
||||
|
||||
if (user.id === currentUser.id) {
|
||||
const accessToken = sails.helpers.utils.createToken(user.id, user.passwordUpdatedAt);
|
||||
const { token: accessToken } = sails.helpers.utils.createJwtToken(
|
||||
user.id,
|
||||
user.passwordUpdatedAt,
|
||||
);
|
||||
|
||||
await Session.create({
|
||||
accessToken,
|
||||
httpOnlyToken: currentSession.httpOnlyToken,
|
||||
userId: user.id,
|
||||
remoteAddress: getRemoteAddress(this.req),
|
||||
userAgent: this.req.headers['user-agent'],
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue