From abd623f2cabc7724bd92ce8eeb6b2e8466ed3d33 Mon Sep 17 00:00:00 2001
From: Bastian Wagner
Date: Thu, 12 Sep 2024 13:47:56 +0200
Subject: [PATCH] pw revision
---
 idp/src/model/entity/session-key.entity.ts | 6 ++++++
 idp/src/shared/users.service.ts | 5 +++++
 2 files changed, 11 insertions(+)
diff --git a/idp/src/model/entity/session-key.entity.ts b/idp/src/model/entity/session-key.entity.ts
index 3d2b96e..a777a86 100644
--- a/idp/src/model/entity/session-key.entity.ts
+++ b/idp/src/model/entity/session-key.entity.ts
@@ -5,9 +5,11 @@ import {
 DataSource,
 Repository,
 CreateDateColumn,
+ Column,
 } from 'typeorm';
 import { User } from './user.entity';
 import { Injectable } from '@nestjs/common';
+import { Exclude } from 'class-transformer';
 @Entity()
 export class SessionKey {
@@ -17,6 +19,10 @@ export class SessionKey {
 @ManyToOne(() => User, (user) => user.sessionKeys, { eager: true })
 user: User;
+ @Exclude()
+ @Column()
+ pwRevision?: number;
+ @CreateDateColumn()
 createdAt: Date;
 }
diff --git a/idp/src/shared/users.service.ts b/idp/src/shared/users.service.ts
index 00a60c8..17de91e 100644
--- a/idp/src/shared/users.service.ts
+++ b/idp/src/shared/users.service.ts
@@ -81,6 +81,7 @@ export class UsersService {
 const s = this.sessionRepo.create({
 user,
+ pwRevision: user.pwRevision,
 });
 const session = await this.sessionRepo.save(s);
 this.activityRepo.logLogin();
@@ -125,6 +126,10 @@ export class UsersService {
 throw new HttpException('User is not active', 401);
 }
+ if (user.pwRevision != session.pwRevision) {
+ throw new HttpException('Invalid session key', 401);
+ }
+ if (getUserAccessToken) {
 user.accessToken = this.createAccessToken(user);
 user.refreshToken = this.createRefreshToken(user);
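Review bot: In the `SessionKey` entity hunk, `@Column()` with no options declares `pwRevision` as a required column while the property is typed optional (`pwRevision?: number`), so the schema and the type disagree about whether a session may lack a revision. Session rows that predate this column have no value for it, and the patch carries no migration or default, so adding the column to a populated table may fail or leave the outcome to the database. If legacy sessions are meant to survive, say so with `@Column({ nullable: true })`; if they are meant to be invalidated, drop the `?` and give the column a default that no user revision can match. The session-creation hunk in users.service.ts copies `user.pwRevision` unchecked, so the same question applies there when that value is undefined.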
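Review bot: The revision check added in the second users.service.ts hunk uses loose inequality, so it fails open when neither side carries a value: `undefined != null` is false, and a session row without `pwRevision` is accepted for a user whose `pwRevision` was not loaded or never set. If the check is meant to revoke sessions after a password change, comparing strictly and rejecting a missing session revision is the safer form: `if (session.pwRevision == null || user.pwRevision !== session.pwRevision) {`. That forces a re-login for every session created before the column existed, which should be a deliberate decision rather than a side effect. The code that bumps `user.pwRevision` is not part of this patch and the enclosing method starts and ends outside the hunk, so confirm that `user` is loaded with that column and that the mismatching session row is cleaned up instead of only being rejected on each request.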