Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-25 08:09:44 +02:00
Code Issues Releases Activity

feat: Additional httpOnly token for enhanced security in browsers

Browse source
This commit is contained in:
Maksim Eltyshev 2024-09-01 09:31:04 +02:00
parent d4043c9726
commit 50519f1bcd
18 changed files with 171 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

8
server/api/controllers/users/update-password.js
View file

@ -48,7 +48,7 @@ module.exports = {
},
async fn(inputs) {
const { currentUser } = this.req;
const { currentSession, currentUser } = this.req;
if (inputs.id === currentUser.id) {
if (!inputs.currentPassword) {
@ -89,10 +89,14 @@ module.exports = {
}
if (user.id === currentUser.id) {
const accessToken = sails.helpers.utils.createToken(user.id, user.passwordUpdatedAt);
const { token: accessToken } = sails.helpers.utils.createJwtToken(
user.id,
user.passwordUpdatedAt,
);
await Session.create({
accessToken,
httpOnlyToken: currentSession.httpOnlyToken,
userId: user.id,
remoteAddress: getRemoteAddress(this.req),
userAgent: this.req.headers['user-agent'],