From 4ee302b63a41e1de1cb48fc9ebac41ae0df62057 Mon Sep 17 00:00:00 2001
From: Alex Gleason
Date: Tue, 13 Apr 2021 12:03:46 -0500
Subject: [PATCH] Delete mismatched auth users, fixes #613
---
 app/soapbox/reducers/__tests__/auth-test.js | 22 +++++++++++++++++++++
 app/soapbox/reducers/auth.js | 11 +++++++++++
 2 files changed, 33 insertions(+)
diff --git a/app/soapbox/reducers/__tests__/auth-test.js b/app/soapbox/reducers/__tests__/auth-test.js
index 86ce1cbc0..103cfc4b0 100644
--- a/app/soapbox/reducers/__tests__/auth-test.js
+++ b/app/soapbox/reducers/__tests__/auth-test.js
@@ -154,6 +154,28 @@ describe('auth reducer', () => {
 const result = reducer(state, action);
 expect(result.get('me')).toEqual('5678');
 });
+
+ it('deletes mismatched users', () => {
+ const action = {
+ type: VERIFY_CREDENTIALS_SUCCESS,
+ token: 'ABCDEFG',
+ account: { id: '1234' },
+ };
+
+ const state = fromJS({
+ users: { '4567': { id: '4567', access_token: 'ABCDEFG' } },
+ users: { '8901': { id: '1234', access_token: 'ABCDEFG' } },
+ users: { '5432': { id: '5432', access_token: 'HIJKLMN' } },
+ });
+
+ const expected = fromJS({
+ '1234': { id: '1234', access_token: 'ABCDEFG' },
+ '5432': { id: '5432', access_token: 'HIJKLMN' },
+ });
+
+ const result = reducer(state, action);
+ expect(result.get('users')).toEqual(expected);
+ });
 });
 
 describe('VERIFY_CREDENTIALS_FAIL', () => {
diff --git a/app/soapbox/reducers/auth.js b/app/soapbox/reducers/auth.js
index 29953f0b3..5c920f1c8 100644
--- a/app/soapbox/reducers/auth.js
+++ b/app/soapbox/reducers/auth.js
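Review bot: In the `deletes mismatched users` test in auth-test.js, the object passed to `fromJS` repeats the `users` key three times, so only the last entry (`'5432'`) reaches the reducer. The two entries that hold token `'ABCDEFG'` under other keys are never in the state, and the expectation passes whether or not the mismatch filter runs. That leaves the new cleanup of stale token-to-account entries untested. Put the three entries under a single `users` object so that `'4567'` and `'8901'` exist before the action is reduced; the `expected` map can stay as it is.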
@@ -103,6 +103,16 @@ const upgradeLegacyId = (state, account) => {
 // By this point it's probably safe, but we'll leave it just in case.
 };
 
+// Returns a predicate function for filtering a mismatched user/token
+const userMismatch = (token, account) => {
+ return (user, id) => {
+ const sameToken = user.get('access_token') === token;
+ const differentId = id !== account.id || user.get('id') !== account.id;
+
+ return sameToken && differentId;
+ };
+};
+
 const importCredentials = (state, token, account) => {
 return state.withMutations(state => {
 state.setIn(['users', account.id], ImmutableMap({
@@ -110,6 +120,7 @@ const importCredentials = (state, token, account) => {
 access_token: token,
 }));
 state.setIn(['tokens', token, 'account'], account.id);
+ state.update('users', ImmutableMap(), users => users.filterNot(userMismatch(token, account)));
 state.update('me', null, me => me || account.id);
 upgradeLegacyId(state, account);
 });
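Review bot: The comment above `userMismatch` does not say what counts as a mismatch, and in auth state that definition is the part a later reader most needs. I would spell it out, for example `// A user is mismatched when it holds the just-verified token under a map key or stored id other than account.id.` The predicate also calls `user.get(...)` on every entry, so it presumably assumes each value in `users` is an Immutable Map; if persisted state can hold anything else, that deserves a guard or at least a comment.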
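Review bot: After the added `filterNot` line in `importCredentials`, `me` can still name a user that was just removed, because the following line `state.update('me', null, me => me || account.id)` only fills in a falsy value. If the removed entry was the active one, the state would keep an active id with no matching `users` entry, unless `upgradeLegacyId` or code outside this hunk repoints it. Consider repointing in the same mutation, e.g. `state.update('me', null, me => state.hasIn(['users', me]) ? me : account.id);`, and add a test case for that path. The body of `importCredentials` starts before this hunk.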