Update the Update Account Status API to clear the cookie
After a user updates their status, their session no longer works; however, the cookie may still exist in their browser, preventing other API calls from completing successfully.
parent
953485299a
commit
9961609d71
2 changed files with 10 additions and 1 deletions
|
@ -1763,11 +1763,12 @@ App::patch('/v1/account/status')
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
->label('sdk.response.model', Response::MODEL_USER)
|
->label('sdk.response.model', Response::MODEL_USER)
|
||||||
->inject('requestTimestamp')
|
->inject('requestTimestamp')
|
||||||
|
->inject('request')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('events')
|
->inject('events')
|
||||||
->action(function (?\DateTime $requestTimestamp, Response $response, Document $user, Database $dbForProject, Event $events) {
|
->action(function (?\DateTime $requestTimestamp, Request $request, Response $response, Document $user, Database $dbForProject, Event $events) {
|
||||||
|
|
||||||
$user->setAttribute('status', false);
|
$user->setAttribute('status', false);
|
||||||
|
|
||||||
|
@ -1781,6 +1782,12 @@ App::patch('/v1/account/status')
|
||||||
$response->addHeader('X-Fallback-Cookies', \json_encode([]));
|
$response->addHeader('X-Fallback-Cookies', \json_encode([]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$protocol = $request->getProtocol();
|
||||||
|
$response
|
||||||
|
->addCookie(Auth::$cookieName . '_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
|
||||||
|
->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||||
|
;
|
||||||
|
|
||||||
$response->dynamic($user, Response::MODEL_ACCOUNT);
|
$response->dynamic($user, Response::MODEL_ACCOUNT);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
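Review bot: The `Secure` flag on both expiring cookies is computed with a loose comparison, `('https' == $protocol)`; `('https' === $protocol)` avoids type juggling and costs nothing. A browser only replaces the stored cookie when name, domain and path match those used when it was set, so a comment above `$protocol = $request->getProtocol();` such as `// Expire both session cookies; name, path and domain must mirror the values used when the session cookie is issued` would help keep the two code paths in sync. Expiring the cookie is client-side cleanup only, and the lines between the two hunks are not shown, so it cannot be confirmed from here that the user's sessions are also invalidated server-side. The action closure begins in the first hunk and part of its body lies outside both hunks.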
|
@ -225,6 +225,8 @@ class AccountCustomClientTest extends Scope
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$this->assertEquals($response['headers']['status-code'], 200);
|
$this->assertEquals($response['headers']['status-code'], 200);
|
||||||
|
$this->assertStringContainsString('a_session_' . $this->getProject()['$id'] . '=deleted', $response['headers']['set-cookie']);
|
||||||
|
$this->assertEquals('[]', $response['headers']['x-fallback-cookies']);
|
||||||
|
|
||||||
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
|
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
|
||||||
'origin' => 'http://localhost',
|
'origin' => 'http://localhost',
|
||||||
|
|
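Review bot: Only the primary session cookie is asserted here, while the route also expires `Auth::$cookieName . '_legacy'`, which nothing in this hunk checks. A second assertion such as `$this->assertStringContainsString('a_session_' . $this->getProject()['$id'] . '_legacy=deleted', $response['headers']['set-cookie']);` would cover it, assuming the test client folds both `Set-Cookie` headers into this one value, which is not visible from here. The test method starts and ends outside the hunk.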