strapi-plugin-magic-sessionmanager 4.3.2 → 4.3.3

@@ -319,6 +319,8 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
319
319
  userDocId2 = await getDocumentIdFromNumericId(strapi2, ctx.state.user.id);
320
320
  }
321
321
  if (userDocId2) {
322
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
323
+ const strictMode = config2.strictSessionEnforcement === true;
322
324
  const activeSessions = await strapi2.documents(SESSION_UID$4).findMany({
323
325
  filters: {
324
326
  user: { documentId: userDocId2 },
@@ -327,8 +329,17 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
327
329
  limit: 1
328
330
  });
329
331
  if (!activeSessions || activeSessions.length === 0) {
330
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (user: ${userDocId2.substring(0, 8)}...)`);
331
- return ctx.unauthorized("All sessions have been terminated. Please login again.");
332
+ const allSessions = await strapi2.documents(SESSION_UID$4).findMany({
333
+ filters: { user: { documentId: userDocId2 } },
334
+ limit: 1,
335
+ fields: ["isActive"]
336
+ });
337
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
338
+ if (strictMode && hasInactiveSessions) {
339
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session terminated (user: ${userDocId2.substring(0, 8)}...)`);
340
+ return ctx.unauthorized("Session has been terminated. Please login again.");
341
+ }
342
+ strapi2.log.debug(`[magic-sessionmanager] [WARN] No active session for user ${userDocId2.substring(0, 8)}... (allowing)`);
332
343
  }
333
344
  ctx.state.userDocumentId = userDocId2;
334
345
  }
@@ -775,6 +786,8 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
775
786
  if (!decoded || !decoded.id) {
776
787
  return decoded;
777
788
  }
789
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
790
+ const strictMode = config2.strictSessionEnforcement === true;
778
791
  try {
779
792
  let userDocId = null;
780
793
  const user = await strapi2.entityService.findOne(
@@ -784,31 +797,56 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
784
797
  );
785
798
  userDocId = user?.documentId;
786
799
  if (!userDocId) {
800
+ strapi2.log.debug("[magic-sessionmanager] [JWT] No documentId found, allowing through");
787
801
  return decoded;
788
802
  }
789
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Checking sessions for user: ${userDocId}`);
790
803
  const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
791
804
  filters: {
792
805
  user: { documentId: userDocId },
793
806
  isActive: true
794
807
  },
795
- limit: 1,
796
- populate: { user: { fields: ["documentId"] } }
808
+ limit: 1
797
809
  });
798
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Found ${activeSessions?.length || 0} active sessions`);
799
- if (!activeSessions || activeSessions.length === 0) {
800
- const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
801
- filters: { user: { documentId: userDocId } },
802
- limit: 5
803
- });
810
+ if (activeSessions && activeSessions.length > 0) {
811
+ return decoded;
812
+ }
813
+ const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
814
+ filters: { user: { documentId: userDocId } },
815
+ limit: 5,
816
+ fields: ["isActive", "lastActive"]
817
+ });
818
+ const totalSessions = allSessions?.length || 0;
819
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
820
+ if (!strictMode) {
821
+ if (totalSessions === 0) {
822
+ strapi2.log.warn(
823
+ `[magic-sessionmanager] [JWT-WARN] No session found for user ${userDocId.substring(0, 8)}... (allowing - session may not have been created)`
824
+ );
825
+ } else if (hasInactiveSessions) {
826
+ strapi2.log.warn(
827
+ `[magic-sessionmanager] [JWT-WARN] User ${userDocId.substring(0, 8)}... has ${totalSessions} inactive sessions but no active ones (allowing - strictMode off)`
828
+ );
829
+ }
830
+ return decoded;
831
+ }
832
+ if (totalSessions === 0) {
833
+ strapi2.log.warn(
834
+ `[magic-sessionmanager] [JWT-ALLOW] No sessions exist for user ${userDocId.substring(0, 8)}... (allowing - possible race condition)`
835
+ );
836
+ return decoded;
837
+ }
838
+ if (hasInactiveSessions) {
804
839
  strapi2.log.info(
805
- `[magic-sessionmanager] [JWT-BLOCKED] Valid JWT but no active session (user: ${userDocId.substring(0, 8)}..., total sessions: ${allSessions?.length || 0})`
840
+ `[magic-sessionmanager] [JWT-BLOCKED] User ${userDocId.substring(0, 8)}... was logged out (${totalSessions} inactive sessions)`
806
841
  );
807
842
  return null;
808
843
  }
844
+ strapi2.log.warn(
845
+ `[magic-sessionmanager] [JWT-ALLOW] Unexpected session state for user ${userDocId.substring(0, 8)}... (allowing)`
846
+ );
809
847
  return decoded;
810
848
  } catch (err) {
811
- strapi2.log.debug("[magic-sessionmanager] [AUTH] Session check error:", err.message);
849
+ strapi2.log.warn("[magic-sessionmanager] [JWT] Session check error (allowing):", err.message);
812
850
  return decoded;
813
851
  }
814
852
  };
@@ -2607,7 +2645,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2607
2645
  }
2608
2646
  };
2609
2647
  };
2610
- const version$1 = "4.3.1";
2648
+ const version$1 = "4.3.2";
2611
2649
  const require$$2 = {
2612
2650
  version: version$1
2613
2651
  };
@@ -38931,6 +38969,8 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38931
38969
  if (!userDocId) {
38932
38970
  return true;
38933
38971
  }
38972
+ const config3 = strapi2.config.get("plugin::magic-sessionmanager") || {};
38973
+ const strictMode = config3.strictSessionEnforcement === true;
38934
38974
  const activeSessions = await strapi2.documents(SESSION_UID).findMany({
38935
38975
  filters: {
38936
38976
  user: { documentId: userDocId },
@@ -38938,12 +38978,24 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38938
38978
  },
38939
38979
  limit: 1
38940
38980
  });
38941
- if (!activeSessions || activeSessions.length === 0) {
38981
+ if (activeSessions && activeSessions.length > 0) {
38982
+ return true;
38983
+ }
38984
+ const allSessions = await strapi2.documents(SESSION_UID).findMany({
38985
+ filters: { user: { documentId: userDocId } },
38986
+ limit: 1,
38987
+ fields: ["isActive"]
38988
+ });
38989
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
38990
+ if (strictMode && hasInactiveSessions) {
38942
38991
  strapi2.log.info(
38943
- `[magic-sessionmanager] [POLICY-BLOCKED] JWT valid but no active session (user: ${userDocId.substring(0, 8)}...)`
38992
+ `[magic-sessionmanager] [POLICY-BLOCKED] Session terminated (user: ${userDocId.substring(0, 8)}...)`
38944
38993
  );
38945
38994
  throw new errors.UnauthorizedError("Session terminated. Please login again.");
38946
38995
  }
38996
+ strapi2.log.debug(
38997
+ `[magic-sessionmanager] [POLICY-WARN] No active session for user ${userDocId.substring(0, 8)}... (allowing)`
38998
+ );
38947
38999
  return true;
38948
39000
  } catch (err) {
38949
39001
  if (err instanceof errors.UnauthorizedError) {
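Review bot: In `registerSessionAwareAuthStrategy` the `if (!strictMode)` branch returns `decoded` even when `hasInactiveSessions` is true, and `strictMode` is on only for `strictSessionEnforcement === true`, so unless a default set elsewhere enables it, a valid JWT whose sessions were all terminated is accepted again where the previous code returned `null`. If cutting off access on logout is meant to stay the default, derive the flag as `const strictMode = config2.strictSessionEnforcement !== false;` and leave the `totalSessions === 0` allowance as it is. The `lastSeen` middleware and the `sessionRequired$1` policy take the same allow path but record it with `strapi2.log.debug`, which hides these requests at normal log levels; `strapi2.log.warn`, as the auth strategy uses, would keep them visible to monitoring. The second group of hunks (from `@@ -306,6 +306,8 @@`) repeats the same code, so the same points apply there; all three functions start and end outside their hunks.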
@@ -306,6 +306,8 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
306
306
  userDocId2 = await getDocumentIdFromNumericId(strapi2, ctx.state.user.id);
307
307
  }
308
308
  if (userDocId2) {
309
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
310
+ const strictMode = config2.strictSessionEnforcement === true;
309
311
  const activeSessions = await strapi2.documents(SESSION_UID$4).findMany({
310
312
  filters: {
311
313
  user: { documentId: userDocId2 },
@@ -314,8 +316,17 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
314
316
  limit: 1
315
317
  });
316
318
  if (!activeSessions || activeSessions.length === 0) {
317
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (user: ${userDocId2.substring(0, 8)}...)`);
318
- return ctx.unauthorized("All sessions have been terminated. Please login again.");
319
+ const allSessions = await strapi2.documents(SESSION_UID$4).findMany({
320
+ filters: { user: { documentId: userDocId2 } },
321
+ limit: 1,
322
+ fields: ["isActive"]
323
+ });
324
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
325
+ if (strictMode && hasInactiveSessions) {
326
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session terminated (user: ${userDocId2.substring(0, 8)}...)`);
327
+ return ctx.unauthorized("Session has been terminated. Please login again.");
328
+ }
329
+ strapi2.log.debug(`[magic-sessionmanager] [WARN] No active session for user ${userDocId2.substring(0, 8)}... (allowing)`);
319
330
  }
320
331
  ctx.state.userDocumentId = userDocId2;
321
332
  }
@@ -762,6 +773,8 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
762
773
  if (!decoded || !decoded.id) {
763
774
  return decoded;
764
775
  }
776
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
777
+ const strictMode = config2.strictSessionEnforcement === true;
765
778
  try {
766
779
  let userDocId = null;
767
780
  const user = await strapi2.entityService.findOne(
@@ -771,31 +784,56 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
771
784
  );
772
785
  userDocId = user?.documentId;
773
786
  if (!userDocId) {
787
+ strapi2.log.debug("[magic-sessionmanager] [JWT] No documentId found, allowing through");
774
788
  return decoded;
775
789
  }
776
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Checking sessions for user: ${userDocId}`);
777
790
  const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
778
791
  filters: {
779
792
  user: { documentId: userDocId },
780
793
  isActive: true
781
794
  },
782
- limit: 1,
783
- populate: { user: { fields: ["documentId"] } }
795
+ limit: 1
784
796
  });
785
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Found ${activeSessions?.length || 0} active sessions`);
786
- if (!activeSessions || activeSessions.length === 0) {
787
- const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
788
- filters: { user: { documentId: userDocId } },
789
- limit: 5
790
- });
797
+ if (activeSessions && activeSessions.length > 0) {
798
+ return decoded;
799
+ }
800
+ const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
801
+ filters: { user: { documentId: userDocId } },
802
+ limit: 5,
803
+ fields: ["isActive", "lastActive"]
804
+ });
805
+ const totalSessions = allSessions?.length || 0;
806
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
807
+ if (!strictMode) {
808
+ if (totalSessions === 0) {
809
+ strapi2.log.warn(
810
+ `[magic-sessionmanager] [JWT-WARN] No session found for user ${userDocId.substring(0, 8)}... (allowing - session may not have been created)`
811
+ );
812
+ } else if (hasInactiveSessions) {
813
+ strapi2.log.warn(
814
+ `[magic-sessionmanager] [JWT-WARN] User ${userDocId.substring(0, 8)}... has ${totalSessions} inactive sessions but no active ones (allowing - strictMode off)`
815
+ );
816
+ }
817
+ return decoded;
818
+ }
819
+ if (totalSessions === 0) {
820
+ strapi2.log.warn(
821
+ `[magic-sessionmanager] [JWT-ALLOW] No sessions exist for user ${userDocId.substring(0, 8)}... (allowing - possible race condition)`
822
+ );
823
+ return decoded;
824
+ }
825
+ if (hasInactiveSessions) {
791
826
  strapi2.log.info(
792
- `[magic-sessionmanager] [JWT-BLOCKED] Valid JWT but no active session (user: ${userDocId.substring(0, 8)}..., total sessions: ${allSessions?.length || 0})`
827
+ `[magic-sessionmanager] [JWT-BLOCKED] User ${userDocId.substring(0, 8)}... was logged out (${totalSessions} inactive sessions)`
793
828
  );
794
829
  return null;
795
830
  }
831
+ strapi2.log.warn(
832
+ `[magic-sessionmanager] [JWT-ALLOW] Unexpected session state for user ${userDocId.substring(0, 8)}... (allowing)`
833
+ );
796
834
  return decoded;
797
835
  } catch (err) {
798
- strapi2.log.debug("[magic-sessionmanager] [AUTH] Session check error:", err.message);
836
+ strapi2.log.warn("[magic-sessionmanager] [JWT] Session check error (allowing):", err.message);
799
837
  return decoded;
800
838
  }
801
839
  };
@@ -2594,7 +2632,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2594
2632
  }
2595
2633
  };
2596
2634
  };
2597
- const version$1 = "4.3.1";
2635
+ const version$1 = "4.3.2";
2598
2636
  const require$$2 = {
2599
2637
  version: version$1
2600
2638
  };
@@ -38918,6 +38956,8 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38918
38956
  if (!userDocId) {
38919
38957
  return true;
38920
38958
  }
38959
+ const config3 = strapi2.config.get("plugin::magic-sessionmanager") || {};
38960
+ const strictMode = config3.strictSessionEnforcement === true;
38921
38961
  const activeSessions = await strapi2.documents(SESSION_UID).findMany({
38922
38962
  filters: {
38923
38963
  user: { documentId: userDocId },
@@ -38925,12 +38965,24 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38925
38965
  },
38926
38966
  limit: 1
38927
38967
  });
38928
- if (!activeSessions || activeSessions.length === 0) {
38968
+ if (activeSessions && activeSessions.length > 0) {
38969
+ return true;
38970
+ }
38971
+ const allSessions = await strapi2.documents(SESSION_UID).findMany({
38972
+ filters: { user: { documentId: userDocId } },
38973
+ limit: 1,
38974
+ fields: ["isActive"]
38975
+ });
38976
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
38977
+ if (strictMode && hasInactiveSessions) {
38929
38978
  strapi2.log.info(
38930
- `[magic-sessionmanager] [POLICY-BLOCKED] JWT valid but no active session (user: ${userDocId.substring(0, 8)}...)`
38979
+ `[magic-sessionmanager] [POLICY-BLOCKED] Session terminated (user: ${userDocId.substring(0, 8)}...)`
38931
38980
  );
38932
38981
  throw new errors.UnauthorizedError("Session terminated. Please login again.");
38933
38982
  }
38983
+ strapi2.log.debug(
38984
+ `[magic-sessionmanager] [POLICY-WARN] No active session for user ${userDocId.substring(0, 8)}... (allowing)`
38985
+ );
38934
38986
  return true;
38935
38987
  } catch (err) {
38936
38988
  if (err instanceof errors.UnauthorizedError) {
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "4.3.2",
2
+ "version": "4.3.3",
3
3
  "keywords": [
4
4
  "strapi",
5
5
  "strapi-plugin",