Don't automatically log in again if the user manually logged out
Fixes #2759
This commit is contained in:
parent
447fe8ba08
commit
6494b34da3
|
@ -3,6 +3,7 @@
|
|||
## Unreleased
|
||||
|
||||
- #326: Add the ability to reset your password
|
||||
- #2759: Don't automatically log in again if the user manually logged out
|
||||
- #2816: Chat highlight behaves odd
|
||||
- #2925: File upload is not always enabled
|
||||
- #3001: Add option to save SCRAM details and to use them to stay logged in upon reload
|
||||
|
|
|
@ -243,6 +243,11 @@ export const api = _converse.api = {
|
|||
// Recreate all the promises
|
||||
Object.keys(_converse.promises).forEach(replacePromise);
|
||||
delete _converse.jid
|
||||
|
||||
// Remove the session JID, otherwise the user would just be logged
|
||||
// in again upon reload. See #2759
|
||||
localStorage.removeItem('conversejs-session-jid');
|
||||
|
||||
/**
|
||||
* Triggered once the user has logged out.
|
||||
* @event _converse#logout
|
||||
|
|
|
@ -293,14 +293,21 @@ async function getLoginCredentialsFromURL () {
|
|||
|
||||
|
||||
async function getLoginCredentialsFromBrowser () {
|
||||
const jid = localStorage.getItem('conversejs-session-jid');
|
||||
if (!jid) return null;
|
||||
|
||||
try {
|
||||
const creds = await navigator.credentials.get({'password': true});
|
||||
if (creds && creds.type == 'password' && isValidJID(creds.id)) {
|
||||
// XXX: We don't actually compare `creds.id` with `jid` because
|
||||
// the user might have been presented a list of credentials with
|
||||
// which to log in, and we want to respect their wish.
|
||||
await setUserJID(creds.id);
|
||||
return {'jid': creds.id, 'password': creds.password};
|
||||
}
|
||||
} catch (e) {
|
||||
log.error(e);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -319,6 +326,7 @@ async function getLoginCredentialsFromSCRAMKeys () {
|
|||
|
||||
export async function attemptNonPreboundSession (credentials, automatic) {
|
||||
const { api } = _converse;
|
||||
|
||||
if (api.settings.get("authentication") === _converse.LOGIN) {
|
||||
// XXX: If EITHER ``keepalive`` or ``auto_login`` is ``true`` and
|
||||
// ``authentication`` is set to ``login``, then Converse will try to log the user in,
|
||||
|
@ -342,9 +350,12 @@ export async function attemptNonPreboundSession (credentials, automatic) {
|
|||
}
|
||||
|
||||
if (!_converse.isTestEnv() && 'credentials' in navigator) {
|
||||
return connect(await getLoginCredentialsFromBrowser());
|
||||
const credentials = await getLoginCredentialsFromBrowser();
|
||||
if (credentials) return connect(credentials);
|
||||
}
|
||||
!_converse.isTestEnv() && log.warn("attemptNonPreboundSession: Couldn't find credentials to log in with");
|
||||
|
||||
if (!_converse.isTestEnv()) log.warn("attemptNonPreboundSession: Couldn't find credentials to log in with");
|
||||
|
||||
} else if (
|
||||
[_converse.ANONYMOUS, _converse.EXTERNAL].includes(api.settings.get("authentication")) &&
|
||||
(!automatic || api.settings.get("auto_login"))
|
||||
|
|
Loading…
Reference in New Issue
Block a user