// This user does not belong to this plugin, skip it
if (user.pluginAuth !== obj.pluginName) return null
+ checkUserValidityOrThrow(user)
+
return user
}
}
const passwordMatch = await user.isPasswordMatch(password)
if (passwordMatch !== true) return null
- if (user.blocked) throw new AccessDeniedError('User is blocked.')
+ checkUserValidityOrThrow(user)
if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) {
throw new AccessDeniedError('User email is not verified.')
return user
}
-async function revokeToken (tokenInfo: { refreshToken: string }) {
+async function revokeToken (tokenInfo: { refreshToken: string }): Promise<{ success: boolean, redirectUrl?: string }> {
const res: express.Response = this.request.res
const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken)
if (token) {
+ let redirectUrl: string
+
if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) {
- PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User)
+ redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, this.request)
}
clearCacheByToken(token.accessToken)
token.destroy()
.catch(err => logger.error('Cannot destroy token when revoking token.', { err }))
- return true
+ return { success: true, redirectUrl }
}
- return false
+ return { success: false }
}
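Review bot: Awaiting `PluginManager.Instance.onLogout(...)` ahead of `clearCacheByToken` and `token.destroy()` means a plugin logout hook that rejects or never settles leaves the token valid, whereas the old un-awaited call could not block revocation. Unless `onLogout` catches plugin errors itself (not visible in this hunk), wrap the await so revocation always runs, as sketched below. Separately, `{ success: false }` is truthy, so any caller that still tests the result as a boolean will treat a failed revocation as success; the callers are outside this hunk and should be checked. `redirectUrl` can also stay unassigned, so `let redirectUrl: string | undefined` would match the optional field in the declared return type.

```typescript
if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) {
  try {
    redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, this.request)
  } catch (err) {
    // A failing plugin hook must not prevent the token from being revoked
    logger.error('Plugin logout hook failed, revoking token anyway.', { err })
  }
}
// … unchanged: clearCacheByToken, token.destroy and the return statements …
```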
async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) {
return user
}
+
+function checkUserValidityOrThrow (user: MUser) {
+ if (user.blocked) throw new AccessDeniedError('User is blocked.')
+}
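Review bot: `checkUserValidityOrThrow` has no doc comment, and its name promises more than the single `user.blocked` test it performs. The email-verification check stays at the password call site, so the branch under "This user does not belong to this plugin" that now calls this helper does not appear to enforce it. If that is intentional, say so on the helper, e.g. `// Only rejects blocked users; email verification is enforced by the password flow, not for plugin-authenticated users`. An explicit `: void` return type would also be consistent with the return annotation this commit adds to `revokeToken`.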