Implement user token persistency #370
Conversation
xPaw
added
Type: Feature
| @@ -239,12 +244,12 @@ function auth(data) { | |||
| if (success) { | |||
| var token; | |||
There was a problem hiding this comment.
Forgot to remove this variable as I removed the need to pass around token into init.
xPaw
force-pushed
the
xpaw/persistent-token
branch
2 times, most recently
from
7e0c69c
to
f35879a
Compare
| @@ -206,7 +211,7 @@ function reverseDnsLookup(socket, client, token) { | |||
| client.hostname = client.ip; | |||
| } | |||
|
|
|||
| init(socket, client, token); | |||
| init(socket, client, remember); | |||
There was a problem hiding this comment.
Is there a reason why this isn't just handled on the client? That way, we could get rid of the remember variable entirely and not need to pass it around at all. Since that flag comes from the client anyway, I don't see any harm in always returning the token.
There was a problem hiding this comment.
Would need to store it somewhere while auth is happening (or disable the checkbox). I'd rather keep it as it is for now.
xPaw
force-pushed
the
xpaw/persistent-token
branch
from
f35879a
to
b06a58b
Compare
xPaw
force-pushed
the
xpaw/persistent-token
branch
from
b06a58b
to
4c58ef4
Compare
| @@ -129,6 +129,11 @@ $(function() { | |||
| feedback.hide(); | |||
| }); | |||
| } | |||
|
|
|||
| if (data.token && window.localStorage.setItem("token") !== null) { | |||
There was a problem hiding this comment.
I think you meant getItem, no? Also, shouldn't that token change only happen if data.success?
There was a problem hiding this comment.
data.token will be sent only on data.success anyway, so the check won't pass. And yes it should be getItem.
|
@xPaw, can we add a text when changing the password (e.g. under the form for the UI, confirmation message when calling the CLI command) saying "[For security purposes,] all your other sessions will be logged out" or something like that? I'll let you or any native speakers decide on the wording. |
xPaw
force-pushed
the
xpaw/persistent-token
branch
from
4c58ef4
to
9384cd9
Compare
|
@astorije Added a message when changing the password on web. It doesn't make much sense to keep in CLI (maybe worth mentioning on website documentation though). |
Implement user token persistency
This fixes a regression introduced by LDAP support addition (thelounge#477), which forces users to re-login when the server restarts. This was originally implemented in thelounge#370.
Fixes #26.
It also regenerates the token on password change, which will force all your devices (except the one you changed the password on) to re-login.