Merge pull request #649 from bluewave-labs/fix/remove-double-login-protection

Revert double login prevention
2026-01-21 00:59:44 -06:00 · 2024-08-15 11:50:20 -07:00
parent cef2ff5d67 5ea1b15e9e
commit 29b790a8e2
6 changed files with 8 additions and 69 deletions
--- a/Client/src/Components/Sidebar/index.jsx
+++ b/Client/src/Components/Sidebar/index.jsx
@@ -78,28 +78,10 @@ function Sidebar() {
   *
   */
  const logout = async () => {
-    try {
-      // Make request to BE to remove JWT from user
-      await axiosInstance.post(
-        "/auth/logout",
-        { email: authState.user.email },
-        {
-          headers: {
-            Authorization: `Bearer ${authState.authToken}`,
-            "Content-Type": "application/json",
-          },
-        }
-      );
-
-      // Clear auth state
-      dispatch(clearAuthState());
-      dispatch(clearUptimeMonitorState());
-      navigate("/login");
-    } catch (error) {
-      createToast({
-        body: error.message,
-      });
-    }
+    // Clear auth state
+    dispatch(clearAuthState());
+    dispatch(clearUptimeMonitorState());
+    navigate("/login");
  };

  /**
--- a/Server/controllers/authController.js
+++ b/Server/controllers/authController.js
@@ -136,10 +136,6 @@ const loginController = async (req, res, next) => {
      throw new Error(errorMessages.AUTH_INCORRECT_PASSWORD);
    }

-    if (user.authToken) {
-      throw new Error(errorMessages.AUTH_ALREADY_LOGGED_IN);
-    }
-
    // Remove password from user object.  Should this be abstracted to DB layer?
    const userWithoutPassword = { ...user._doc };
    delete userWithoutPassword.password;
@@ -164,23 +160,6 @@ const loginController = async (req, res, next) => {
  }
 };

-const logoutController = async (req, res, next) => {
-  try {
-    // Get user
-    const { email } = req.body;
-    const userToLogout = await req.db.getUserByEmail(email);
-    userToLogout.authToken = null;
-    await userToLogout.save();
-
-    return res
-      .status(200)
-      .json({ success: true, msg: successMessages.AUTH_LOGOUT_USER });
-  } catch (error) {
-    error.service = SERVICE_NAME;
-    next(error);
-  }
-};
-
 const userEditController = async (req, res, next) => {
  try {
    await editUserParamValidation.validateAsync(req.params);
@@ -524,7 +503,6 @@ const getAllUsersController = async (req, res) => {
 module.exports = {
  registerController,
  loginController,
-  logoutController,
  userEditController,
  inviteController,
  inviteVerifyController,
--- a/Server/middleware/verifyJWT.js
+++ b/Server/middleware/verifyJWT.js
@@ -34,27 +34,11 @@ const verifyJWT = (req, res, next) => {

  const parsedToken = token.slice(TOKEN_PREFIX.length, token.length);
  // Verify the token's authenticity
-  jwt.verify(parsedToken, process.env.JWT_SECRET, async (err, decoded) => {
+  jwt.verify(parsedToken, process.env.JWT_SECRET, (err, decoded) => {
    if (err) {
-      try {
-        const userId = jwt.decode(parsedToken)._id;
-        await req.db.logoutUser(userId);
-        logger.error(errorMessages.INVALID_AUTH_TOKEN, {
-          service: SERVICE_NAME,
-        });
-        return res
-          .status(401)
-          .json({ success: false, msg: errorMessages.INVALID_AUTH_TOKEN });
-      } catch (error) {
-        logger.error(errorMessages.UNKNOWN_ERROR, {
-          service: SERVICE_NAME,
-          error: error,
-        });
-        error.status = 401;
-        error.service = SERVICE_NAME;
-        next(error);
-        return;
-      }
+      return res
+        .status(401)
+        .json({ success: false, msg: errorMessages.INVALID_AUTH_TOKEN });
    }
    //Add the user to the request object for use in the route
    req.user = decoded;
--- a/Server/models/user.js
+++ b/Server/models/user.js
@@ -40,9 +40,6 @@ const UserSchema = mongoose.Schema(
      default: "user",
      enum: ["user", "admin"],
    },
-    authToken: {
-      type: String,
-    },
  },
  {
    timestamps: true,
--- a/Server/routes/authRoute.js
+++ b/Server/routes/authRoute.js
@@ -24,7 +24,6 @@ const {
 //Auth routes
 router.post("/register", upload.single("profileImage"), registerController);
 router.post("/login", loginController);
-router.post("/logout", logoutController);
 router.put(
  "/user/:userId",
  upload.single("profileImage"),
--- a/Server/utils/messages.js
+++ b/Server/utils/messages.js
@@ -7,7 +7,6 @@ const errorMessages = {
  UNAUTHORIZED: "Unauthorized access",
  AUTH_ADMIN_EXISTS: "Admin already exists",
  AUTH_INVITE_NOT_FOUND: "Invite not found",
-  AUTH_ALREADY_LOGGED_IN: "User already logged in",

  //Error handling middleware
  UNKNOWN_SERVICE: "Unknown service",