Force logout on password change/removal


#1

Anyone knows how to force logout when changing password in JWT?

I just want a middleware or something to check if this.user.password differs from the string in DB so if an admin changes/removes the password the user will be redirected to logout and there this.$auth.logout()


#2

Really… no one?


#3

Maybe that will help you.

'use strict'

class Authenticated {
  async handle ({ auth, response }, next) {

    try {

      // Check here if the password is different:
      // oldPwString is the password hash the token was issued against,
      // newPwString is the hash currently stored in the DB (placeholders)

      if (oldPwString != newPwString) {
        await auth.logout()
        return response.route('logout')
      }

    } catch (error) {
      // swallow auth errors here so the request still reaches next()
    }
    // call next to advance the request
    await next()
  }
}

module.exports = Authenticated

#4

@peter Whenever you have questions like this, try to approach them from the fundamentals and search internet for general design patterns. Adonis is just going to be code around that pattern.

On that note please read this and don’t mind searching more around the same topic https://security.stackexchange.com/questions/82640/best-practices-to-invalidate-jwt-while-changing-passwords-and-logout-in-node-js