diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a3119e0..4018910d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 1.1.1+4
+* Patched `logout` to properly erase cookies
+* Fixed checking of expired tokens.
+
 # 1.1.1+3
 * `authenticate` returns the current user, if one is present.
diff --git a/lib/src/plugin.dart b/lib/src/plugin.dart
index 5051bd41..f830fd78 100644
--- a/lib/src/plugin.dart
+++ b/lib/src/plugin.dart
@@ -138,9 +138,10 @@ class AngelAuth {
 }
 if (token.lifeSpan > -1) {
- token.issuedAt.add(new Duration(milliseconds: token.lifeSpan.toInt()));
+ var expiry = token.issuedAt
+ .add(new Duration(milliseconds: token.lifeSpan.toInt()));
- if (!token.issuedAt.isAfter(new DateTime.now()))
+ if (!expiry.isAfter(new DateTime.now()))
 throw new AngelHttpException.forbidden(message: "Expired JWT.");
 }
@@ -209,12 +210,12 @@ class AngelAuth {
 }
 if (token.lifeSpan > -1) {
- token.issuedAt
+ var expiry = token.issuedAt
 .add(new Duration(milliseconds: token.lifeSpan.toInt()));
- if (!token.issuedAt.isAfter(new DateTime.now())) {
- print(
- 'Token has indeed expired! Resetting assignment date to current timestamp...');
+ if (!expiry.isAfter(new DateTime.now())) {
+ //print(
+ // 'Token has indeed expired! Resetting assignment date to current timestamp...');
 // Extend its lifespan by changing iat
 token.issuedAt = new DateTime.now();
 }
@@ -364,8 +365,10 @@ class AngelAuth {
 req.injections..remove(AuthToken)..remove('user');
 req.properties.remove('user');
- if (allowCookie == true)
+ if (allowCookie == true) {
 res.cookies.removeWhere((cookie) => cookie.name == "token");
+ res.cookies.add(protectCookie(new Cookie('token', '')));
+ }
 if (options != null &&
 options.successRedirect != null &&
diff --git a/pubspec.yaml b/pubspec.yaml
index b748867a..84f56890 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
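Review bot: The expiry computation in the `@@ -138` hunk of lib/src/plugin.dart is written out a second time in the `@@ -209` hunk, and the discarded `add()` result fixed here was present in both copies. A single private helper would keep the two checks from drifting apart again, e.g. `DateTime _expiry(AuthToken token) => token.issuedAt.add(new Duration(milliseconds: token.lifeSpan.toInt()));` (a proposed name, not one in the code). The commit as shown touches no test file, so a regression test that an expired token is rejected with "Expired JWT." and an unexpired one is accepted would be worth adding. The enclosing method starts and ends outside the hunk.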
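Review bot: In the `@@ -209` hunk, the branch `token.issuedAt = new DateTime.now();` renews a token no matter how long ago `expiry` passed, so within the lines shown an expired token never becomes permanently unusable. If nothing outside the hunk bounds this, consider a maximum renewal window, e.g. `if (new DateTime.now().difference(expiry) > maxReviveAge) throw new AngelHttpException.forbidden(message: "Expired JWT.");`, where `maxReviveAge` is a new configurable `Duration` proposed here rather than an existing name. The commented-out `print` should be deleted instead of being left in the source. The enclosing method starts and ends outside the hunk.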
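Review bot: In the `@@ -364` hunk, `new Cookie('token', '')` sets an empty value but nothing visible gives it an expiry, so unless `protectCookie` (defined outside the hunk) does, the browser keeps a `token` cookie with an empty value instead of deleting it. Setting an immediate expiry makes the intent explicit: `res.cookies.add(protectCookie(new Cookie('token', '')..maxAge = 0));`, provided `protectCookie` does not overwrite `maxAge`. The replacement cookie also needs the same path and domain as the one set at login, otherwise the browser treats it as a different cookie and the original survives logout. The enclosing logout handler continues outside the hunk.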
@@ -1,6 +1,6 @@
 name: angel_auth
 description: A complete authentication plugin for Angel.
-version: 1.1.1+3
+version: 1.1.1+4
 author: Tobe O
 homepage: https://github.com/angel-dart/angel_auth
 environment: