jordi fita mas
5eeaab2013
This is for security, just in case two users have the same cookie, althought it is unlikely, but nevertheless less guessable. I also need to refresh the cookie when the user changes their email address, because it is liked toghether. It does mean that it will logout from everywhere else, but i can not do anything about that.
33 lines
839 B
PL/PgSQL
33 lines
839 B
PL/PgSQL
-- Deploy numerus:logout to pg
|
|
-- requires: schema_auth
|
|
-- requires: user
|
|
-- requires: current_user_cookie
|
|
-- requires: current_user_email
|
|
|
|
begin;
|
|
|
|
set search_path to numerus, auth, public;
|
|
|
|
create or replace function logout() returns void as
|
|
$$
|
|
update "user"
|
|
set cookie = default
|
|
, cookie_expires_at = default
|
|
where email = current_user_email()
|
|
and cookie = current_user_cookie()
|
|
and cookie_expires_at > current_timestamp
|
|
and length(cookie) > 30
|
|
$$
|
|
language sql
|
|
security definer
|
|
set search_path to auth, numerus, pg_temp;
|
|
|
|
comment on function logout() is
|
|
'Removes the cookie and its expiry data from the current user, as returned by current_user_email and current_user_cookie';
|
|
|
|
revoke execute on function logout() from public;
|
|
grant execute on function logout() to invoicer;
|
|
grant execute on function logout() to admin;
|
|
|
|
commit;
|