Fix inactivity detection followed by logout - Fixes #267

Bubka 2024-03-06 08:40:29 +01:00
parent 214c1c2349
commit 9519d5838c
3 changed files with 11 additions and 14 deletions


@ -48,8 +48,8 @@ class Kernel extends HttpKernel
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\Authenticate::class,
\App\Http\Middleware\LogUserLastSeen::class,
\App\Http\Middleware\KickOutInactiveUser::class,
\App\Http\Middleware\LogUserLastSeen::class,
\App\Http\Middleware\SetLanguage::class,
\App\Http\Middleware\CustomCreateFreshApiToken::class,
],
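Review bot: The relative order of `KickOutInactiveUser` and `LogUserLastSeen` in this middleware group now matters for the inactivity timeout, but nothing in the array says so. The +/- markers are lost on this page, so which `LogUserLastSeen` entry is the new one is inferred from the commit title: presumably the inactivity check has to run before the last-seen timestamp is refreshed, otherwise the request being checked never looks inactive. A comment above the pair, for example `// KickOutInactiveUser must run before LogUserLastSeen, otherwise the timestamp is refreshed before it is checked`, would keep a later reorder from silently disabling the timeout. The array starts outside the hunk.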


@ -38,11 +38,8 @@ class KickOutInactiveUser
if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
$user->last_seen_at = $now->format('Y-m-d H:i:s');
$user->save();
Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id));
if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) {
Auth::logout();
}
Auth::guard('web-guard')->logout();
return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT);
}
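Review bot: `Auth::guard('web-guard')->logout()` ends the session of that one hard-coded guard only, and the lines just above it have already reset `last_seen_at` to the current time. If a request can reach this middleware authenticated through another guard (the frontend comment in this commit describes API calls as stateless), nothing is revoked for it, and the next request with the same credential would presumably pass the inactivity check again, leaving the 418 as a signal the client has to honour. It is worth confirming that this case is handled elsewhere and stating the assumption next to the call, e.g. `// only the session guard can be logged out here; stateless callers rely on the client acting on the 418`. The enclosing method starts and ends outside the hunk.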


@ -51,6 +51,15 @@ export const httpClientFactory = (endpoint = 'api') => {
await axios.get('/refresh-csrf')
return httpClient.request(originalRequestConfig)
}
// api calls are stateless so when user inactivity is detected
// by the backend middleware, it cannot logout the user directly
// so it returns a 418 response.
// We catch the 418 response and log the user out
if (error.response.status === 418) {
const user = useUserStore()
user.logout({ kicked: true})
}
if (error.response && [407].includes(error.response.status)) {
useNotifyStore().error(error)
@ -78,15 +87,6 @@ export const httpClientFactory = (endpoint = 'api') => {
return new Promise(() => {})
}
// api calls are stateless so when user inactivity is detected
// by the backend middleware, it cannot logout the user directly
// so it returns a 418 response.
// We catch the 418 response and log the user out
if (error.response.status === 418) {
const user = useUserStore()
user.logout({ kicked: true})
}
useNotifyStore().error(error)
return new Promise(() => {})
}
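Review bot: In the moved block, `error.response.status === 418` reads `status` without checking that `error.response` exists, while the very next branch guards with `error.response &&`. Unless an earlier part of the interceptor, outside the hunk, already returns for errors that carry no response, a network failure or timeout would throw a TypeError here instead of reaching the notification path; `if (error.response?.status === 418) {` avoids that. The block also has no `return` after `user.logout({ kicked: true})`, so execution continues into the branches below it. If that fall-through is intended it deserves a short comment, otherwise return the same pending promise the handler uses elsewhere.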