pw revision

idp/src/model/entity/session-key.entity.ts

@@ -5,9 +5,11 @@ import {
   DataSource,
   Repository,
   CreateDateColumn,
+  Column,
 } from 'typeorm';
 import { User } from './user.entity';
 import { Injectable } from '@nestjs/common';
+import { Exclude } from 'class-transformer';
 
 @Entity()
 export class SessionKey {
@@ -17,6 +19,10 @@ export class SessionKey {
   @ManyToOne(() => User, (user) => user.sessionKeys, { eager: true })
   user: User;
 
+  @Exclude()
+  @Column()
+  pwRevision?: number;
+
   @CreateDateColumn()
   createdAt: Date;
 }

idp/src/shared/users.service.ts

@@ -81,6 +81,7 @@ export class UsersService {
 
     const s = this.sessionRepo.create({
       user,
+      pwRevision: user.pwRevision,
     });
     const session = await this.sessionRepo.save(s);
     this.activityRepo.logLogin();
@@ -125,6 +126,10 @@ export class UsersService {
       throw new HttpException('User is not active', 401);
     }
 
+    if (user.pwRevision != session.pwRevision) {
+      throw new HttpException('Invalid session key', 401);
+    }
+
     if (getUserAccessToken) {
       user.accessToken = this.createAccessToken(user);
       user.refreshToken = this.createRefreshToken(user);