when leaving protected session don't forget to reset note cache (titles), #1810

2021-04-03 22:02:25 +07:00 · 2021-04-03 22:02:25 +07:00 · ef37a52a06
parent 2318d615bb
commit ef37a52a06
6 changed files with 25 additions and 4 deletions
--- a/src/public/app/services/protected_session_holder.js
+++ b/src/public/app/services/protected_session_holder.js
@ -1,5 +1,6 @@
 import utils from "./utils.js";
 import options from './options.js';
 import server from "./server.js";
 const PROTECTED_SESSION_ID_KEY = 'protectedSessionId';
@ -23,11 +24,11 @@ function resetSessionCookie() {
    utils.setSessionCookie(PROTECTED_SESSION_ID_KEY, null);
 }
-function resetProtectedSession() {
+async function resetProtectedSession() {
    resetSessionCookie();
-    // most secure solution - guarantees nothing remained in memory
+    await server.post("logout/protected");
-    // since this expires because user doesn't use the app, it shouldn't be disruptive
+
    utils.reloadApp();
 }
--- a/src/routes/api/login.js
+++ b/src/routes/api/login.js
@ -78,6 +78,12 @@ function loginToProtectedSession(req) {
    };
 }
 function logoutFromProtectedSession() {
    protectedSessionService.resetDataKey();
    eventService.emit(eventService.LEAVE_PROTECTED_SESSION);
 }
 function token(req) {
    const username = req.body.username;
    const password = req.body.password;
@ -101,5 +107,6 @@ function token(req) {
 module.exports = {
    loginSync,
    loginToProtectedSession,
    logoutFromProtectedSession,
    token
 };
--- a/src/routes/routes.js
+++ b/src/routes/routes.js
@ -270,6 +270,8 @@ function register(app) {
    route(POST, '/api/login/sync', [], loginApiRoute.loginSync, apiResultHandler);
    // this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
    apiRoute(POST, '/api/login/protected', loginApiRoute.loginToProtectedSession);
    apiRoute(POST, '/api/logout/protected', loginApiRoute.logoutFromProtectedSession);
    route(POST, '/api/login/token', [], loginApiRoute.token, apiResultHandler);
    // in case of local electron, local calls are allowed unauthenticated, for server they need auth
--- a/src/services/events.js
+++ b/src/services/events.js
@ -2,6 +2,7 @@ const log = require('./log');
 const NOTE_TITLE_CHANGED = "NOTE_TITLE_CHANGED";
 const ENTER_PROTECTED_SESSION = "ENTER_PROTECTED_SESSION";
 const LEAVE_PROTECTED_SESSION = "LEAVE_PROTECTED_SESSION";
 const ENTITY_CREATED = "ENTITY_CREATED";
 const ENTITY_CHANGED = "ENTITY_CHANGED";
 const ENTITY_DELETED = "ENTITY_DELETED";
@ -47,6 +48,7 @@ module.exports = {
    // event types:
    NOTE_TITLE_CHANGED,
    ENTER_PROTECTED_SESSION,
    LEAVE_PROTECTED_SESSION,
    ENTITY_CREATED,
    ENTITY_CHANGED,
    ENTITY_DELETED,
--- a/src/services/note_cache/note_cache_loader.js
+++ b/src/services/note_cache/note_cache_loader.js
@ -177,6 +177,10 @@ eventService.subscribe(eventService.ENTER_PROTECTED_SESSION, () => {
    }
 });
 eventService.subscribe(eventService.LEAVE_PROTECTED_SESSION, () => {
    load();
 });
 module.exports = {
    load
 };
--- a/src/services/protected_session.js
+++ b/src/services/protected_session.js
@ -5,7 +5,7 @@ const log = require('./log');
 const dataEncryptionService = require('./data_encryption');
 const cls = require('./cls');
-const dataKeyMap = {};
+let dataKeyMap = {};
 function setDataKey(decryptedDataKey) {
    const protectedSessionId = utils.randomSecureToken(32);
@ -29,6 +29,10 @@ function getDataKey() {
    return dataKeyMap[protectedSessionId];
 }
 function resetDataKey() {
    dataKeyMap = {};
 }
 function isProtectedSessionAvailable() {
    const protectedSessionId = getProtectedSessionId();
@ -71,6 +75,7 @@ function decryptString(cipherText) {
 module.exports = {
    setDataKey,
    getDataKey,
    resetDataKey,
    isProtectedSessionAvailable,
    encrypt,
    decrypt,