From e896759e1e5cf87c9a499d7477cdfabb85d07752 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Thu, 11 Nov 2021 00:14:03 +0100
Subject: [PATCH 1/2] "implemented" logout call
---
 backend/src/graphql/resolver/UserResolver.ts | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 2ecd523e9..ebb5000c9 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -263,13 +263,13 @@ export class UserResolver {
 @Authorized()
 @Query(() => String)
- async logout(@Ctx() context: any): Promise {
- const payload = { session_id: context.sessionId }
- const result = await apiPost(CONFIG.LOGIN_API_URL + 'logout', payload)
- if (!result.success) {
- throw new Error(result.data)
- }
- return 'success'
+ async logout(@Ctx() context: any): Promise {
+ // TODO: We dont need this anymore, but might need this in the future in oder to invalidate a valid JWT-Token.
+ // Furthermore this hook can be useful for tracking user behaviour (did he logout or not? Flag him if he didn't on next login)
+ // The functionality is fully client side - the client just needs to delete his token with the current implementation.
+ // we could try to force this by sending `token: null` or `token: ''` with this call. But since it bares no real security
+ // we should just return true for now.
+ return true
 }
 @Mutation(() => String)
From d7c515491245a3ff576315c0e85165c38f889d8b Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Thu, 11 Nov 2021 00:30:00 +0100
Subject: [PATCH 2/2] removed unused context corrected comment removed unused code-comment
---
 backend/src/graphql/resolver/UserResolver.ts | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index ebb5000c9..888a1aa00 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
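Review bot: The new `logout` body returns `true` without changing any server-side state, so a JWT that was copied before the user logged out presumably stays accepted by `@Authorized()` until it expires; the comment's "it bares no real security" understates that. If revocation is deliberately deferred, the comment should say so plainly, e.g. `// NOTE: tokens are NOT revoked on logout; a leaked token stays valid until it expires.` A server-side denylist consulted during authorization (keyed by a token id claim such as `jti` and kept until the token's expiry) or a short token lifetime would close the gap. Neither the token lifetime nor the authorization check is visible in this hunk, so the exposure window is inferred. The enclosing class continues outside the hunk.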
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -263,9 +263,9 @@ export class UserResolver {
 @Authorized()
 @Query(() => String)
- async logout(@Ctx() context: any): Promise {
+ async logout(): Promise {
 // TODO: We dont need this anymore, but might need this in the future in oder to invalidate a valid JWT-Token.
- // Furthermore this hook can be useful for tracking user behaviour (did he logout or not? Flag him if he didn't on next login)
+ // Furthermore this hook can be useful for tracking user behaviour (did he logout or not? Warn him if he didn't on next login)
 // The functionality is fully client side - the client just needs to delete his token with the current implementation.
 // we could try to force this by sending `token: null` or `token: ''` with this call. But since it bares no real security
 // we should just return true for now.
@@ -574,7 +574,6 @@ export class UserResolver {
 @Authorized()
 @Query(() => Boolean)
 async hasElopage(@Ctx() context: any): Promise {
- // const result = await apiGet(CONFIG.LOGIN_API_URL + 'hasElopage?session_id=' + context.sessionId)
 const userRepository = getCustomRepository(UserRepository)
 const userEntity = await userRepository.findByPubkeyHex(context.pubKey).catch()
 if (!userEntity) {
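Review bot: The decorator on `logout` still reads `@Query(() => String)` although the method returns `true` since PATCH 1/2, so the schema keeps advertising a String and clients that compared the result with `'success'` will presumably see a coerced value instead. Change it to `@Query(() => Boolean)`, as `hasElopage` does further down, or to `@Mutation(() => Boolean)`, since logout is meant to change session state once token invalidation is implemented. With the `context` parameter removed, the resolver also no longer has the caller's identity at hand, which it would need to revoke the token or to write an audit record of the logout. The method body ends outside this hunk.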