strapi-plugin-magic-sessionmanager 4.3.2 → 4.3.4

@@ -319,6 +319,8 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
319
319
  userDocId2 = await getDocumentIdFromNumericId(strapi2, ctx.state.user.id);
320
320
  }
321
321
  if (userDocId2) {
322
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
323
+ const strictMode = config2.strictSessionEnforcement === true;
322
324
  const activeSessions = await strapi2.documents(SESSION_UID$4).findMany({
323
325
  filters: {
324
326
  user: { documentId: userDocId2 },
@@ -327,8 +329,21 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
327
329
  limit: 1
328
330
  });
329
331
  if (!activeSessions || activeSessions.length === 0) {
330
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (user: ${userDocId2.substring(0, 8)}...)`);
331
- return ctx.unauthorized("All sessions have been terminated. Please login again.");
332
+ const allSessions = await strapi2.documents(SESSION_UID$4).findMany({
333
+ filters: { user: { documentId: userDocId2 } },
334
+ limit: 1,
335
+ fields: ["isActive"]
336
+ });
337
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
338
+ if (hasInactiveSessions) {
339
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session terminated (user: ${userDocId2.substring(0, 8)}...)`);
340
+ return ctx.unauthorized("Session has been terminated. Please login again.");
341
+ }
342
+ if (strictMode) {
343
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] No session exists (user: ${userDocId2.substring(0, 8)}..., strictMode)`);
344
+ return ctx.unauthorized("No valid session. Please login again.");
345
+ }
346
+ strapi2.log.warn(`[magic-sessionmanager] [WARN] No session for user ${userDocId2.substring(0, 8)}... (allowing)`);
332
347
  }
333
348
  ctx.state.userDocumentId = userDocId2;
334
349
  }
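Review bot: The new fall-through ending in the `[WARN] No session for user ... (allowing)` line makes this middleware fail open when a user has no session rows, a case the removed code answered with `ctx.unauthorized`. If session rows are ever deleted instead of being set to `isActive: false` (a cleanup job or an admin delete; not visible here), an unexpired JWT whose session was terminated would be accepted again unless `strictSessionEnforcement` is `true`. Consider defaulting to strict in the preceding hunk with `const strictMode = config2.strictSessionEnforcement !== false;`, or at least add `// SECURITY: non-strict mode accepts a valid JWT that has no session row` above the warn call. The same default applies in the `registerSessionAwareAuthStrategy` and `sessionRequired$1` hunks, and the page repeats all three a second time further down. The enclosing function starts and ends outside this hunk.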
@@ -775,6 +790,8 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
775
790
  if (!decoded || !decoded.id) {
776
791
  return decoded;
777
792
  }
793
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
794
+ const strictMode = config2.strictSessionEnforcement === true;
778
795
  try {
779
796
  let userDocId = null;
780
797
  const user = await strapi2.entityService.findOne(
@@ -784,31 +801,50 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
784
801
  );
785
802
  userDocId = user?.documentId;
786
803
  if (!userDocId) {
804
+ strapi2.log.debug("[magic-sessionmanager] [JWT] No documentId found, allowing through");
787
805
  return decoded;
788
806
  }
789
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Checking sessions for user: ${userDocId}`);
790
807
  const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
791
808
  filters: {
792
809
  user: { documentId: userDocId },
793
810
  isActive: true
794
811
  },
795
- limit: 1,
796
- populate: { user: { fields: ["documentId"] } }
812
+ limit: 1
797
813
  });
798
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Found ${activeSessions?.length || 0} active sessions`);
799
- if (!activeSessions || activeSessions.length === 0) {
800
- const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
801
- filters: { user: { documentId: userDocId } },
802
- limit: 5
803
- });
814
+ if (activeSessions && activeSessions.length > 0) {
815
+ return decoded;
816
+ }
817
+ const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
818
+ filters: { user: { documentId: userDocId } },
819
+ limit: 5,
820
+ fields: ["isActive", "lastActive"]
821
+ });
822
+ const totalSessions = allSessions?.length || 0;
823
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
824
+ if (hasInactiveSessions) {
804
825
  strapi2.log.info(
805
- `[magic-sessionmanager] [JWT-BLOCKED] Valid JWT but no active session (user: ${userDocId.substring(0, 8)}..., total sessions: ${allSessions?.length || 0})`
826
+ `[magic-sessionmanager] [JWT-BLOCKED] User ${userDocId.substring(0, 8)}... was logged out (${totalSessions} inactive sessions)`
806
827
  );
807
828
  return null;
808
829
  }
830
+ if (totalSessions === 0) {
831
+ if (strictMode) {
832
+ strapi2.log.info(
833
+ `[magic-sessionmanager] [JWT-BLOCKED] No sessions exist for user ${userDocId.substring(0, 8)}... (strictMode enabled)`
834
+ );
835
+ return null;
836
+ }
837
+ strapi2.log.warn(
838
+ `[magic-sessionmanager] [JWT-WARN] No session found for user ${userDocId.substring(0, 8)}... (allowing - session may not have been created)`
839
+ );
840
+ return decoded;
841
+ }
842
+ strapi2.log.warn(
843
+ `[magic-sessionmanager] [JWT-ALLOW] Unexpected session state for user ${userDocId.substring(0, 8)}... (allowing)`
844
+ );
809
845
  return decoded;
810
846
  } catch (err) {
811
- strapi2.log.debug("[magic-sessionmanager] [AUTH] Session check error:", err.message);
847
+ strapi2.log.warn("[magic-sessionmanager] [JWT] Session check error (allowing):", err.message);
812
848
  return decoded;
813
849
  }
814
850
  };
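Review bot: `strictMode` is consulted only inside the `totalSessions === 0` branch, so two other paths still return `decoded` with strict enforcement on: the `[JWT-ALLOW] Unexpected session state` fall-through and the `catch` block. The first is reached when rows exist but none has `isActive === false` (for example a null `isActive`, if the schema allows it), and the second on any lookup error, so in both a token is accepted without a confirmed active session. If strict mode is meant to fail closed, `if (strictMode) return null;` ahead of each of those `return decoded;` lines would do it, since `strictMode` is declared before the `try`. The `!userDocId` early return is also independent of the flag. The function body starts before this hunk.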
@@ -2607,7 +2643,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2607
2643
  }
2608
2644
  };
2609
2645
  };
2610
- const version$1 = "4.3.1";
2646
+ const version$1 = "4.3.3";
2611
2647
  const require$$2 = {
2612
2648
  version: version$1
2613
2649
  };
@@ -38931,6 +38967,8 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38931
38967
  if (!userDocId) {
38932
38968
  return true;
38933
38969
  }
38970
+ const config3 = strapi2.config.get("plugin::magic-sessionmanager") || {};
38971
+ const strictMode = config3.strictSessionEnforcement === true;
38934
38972
  const activeSessions = await strapi2.documents(SESSION_UID).findMany({
38935
38973
  filters: {
38936
38974
  user: { documentId: userDocId },
@@ -38938,12 +38976,30 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38938
38976
  },
38939
38977
  limit: 1
38940
38978
  });
38941
- if (!activeSessions || activeSessions.length === 0) {
38979
+ if (activeSessions && activeSessions.length > 0) {
38980
+ return true;
38981
+ }
38982
+ const allSessions = await strapi2.documents(SESSION_UID).findMany({
38983
+ filters: { user: { documentId: userDocId } },
38984
+ limit: 1,
38985
+ fields: ["isActive"]
38986
+ });
38987
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
38988
+ if (hasInactiveSessions) {
38942
38989
  strapi2.log.info(
38943
- `[magic-sessionmanager] [POLICY-BLOCKED] JWT valid but no active session (user: ${userDocId.substring(0, 8)}...)`
38990
+ `[magic-sessionmanager] [POLICY-BLOCKED] Session terminated (user: ${userDocId.substring(0, 8)}...)`
38944
38991
  );
38945
38992
  throw new errors.UnauthorizedError("Session terminated. Please login again.");
38946
38993
  }
38994
+ if (strictMode) {
38995
+ strapi2.log.info(
38996
+ `[magic-sessionmanager] [POLICY-BLOCKED] No session exists (user: ${userDocId.substring(0, 8)}..., strictMode)`
38997
+ );
38998
+ throw new errors.UnauthorizedError("No valid session. Please login again.");
38999
+ }
39000
+ strapi2.log.warn(
39001
+ `[magic-sessionmanager] [POLICY-WARN] No session for user ${userDocId.substring(0, 8)}... (allowing)`
39002
+ );
38947
39003
  return true;
38948
39004
  } catch (err) {
38949
39005
  if (err instanceof errors.UnauthorizedError) {
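Review bot: `hasInactiveSessions` tests `s3.isActive === false` on a query limited to one row, so a row whose `isActive` is null or missing is logged as `[POLICY-WARN] No session for user ... (allowing)` and the request passes in non-strict mode even though a non-active session row exists. Whether the schema permits a null `isActive` is not visible here, but the active-session query just above already came back empty, so any row returned is not active. `allSessions?.some((s3) => s3.isActive !== true)` would treat those rows as terminated and keep the log message accurate. The `lastSeen` hunk uses the same test, and the function continues past the end of this hunk.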
@@ -306,6 +306,8 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
306
306
  userDocId2 = await getDocumentIdFromNumericId(strapi2, ctx.state.user.id);
307
307
  }
308
308
  if (userDocId2) {
309
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
310
+ const strictMode = config2.strictSessionEnforcement === true;
309
311
  const activeSessions = await strapi2.documents(SESSION_UID$4).findMany({
310
312
  filters: {
311
313
  user: { documentId: userDocId2 },
@@ -314,8 +316,21 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
314
316
  limit: 1
315
317
  });
316
318
  if (!activeSessions || activeSessions.length === 0) {
317
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (user: ${userDocId2.substring(0, 8)}...)`);
318
- return ctx.unauthorized("All sessions have been terminated. Please login again.");
319
+ const allSessions = await strapi2.documents(SESSION_UID$4).findMany({
320
+ filters: { user: { documentId: userDocId2 } },
321
+ limit: 1,
322
+ fields: ["isActive"]
323
+ });
324
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
325
+ if (hasInactiveSessions) {
326
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session terminated (user: ${userDocId2.substring(0, 8)}...)`);
327
+ return ctx.unauthorized("Session has been terminated. Please login again.");
328
+ }
329
+ if (strictMode) {
330
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] No session exists (user: ${userDocId2.substring(0, 8)}..., strictMode)`);
331
+ return ctx.unauthorized("No valid session. Please login again.");
332
+ }
333
+ strapi2.log.warn(`[magic-sessionmanager] [WARN] No session for user ${userDocId2.substring(0, 8)}... (allowing)`);
319
334
  }
320
335
  ctx.state.userDocumentId = userDocId2;
321
336
  }
@@ -762,6 +777,8 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
762
777
  if (!decoded || !decoded.id) {
763
778
  return decoded;
764
779
  }
780
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
781
+ const strictMode = config2.strictSessionEnforcement === true;
765
782
  try {
766
783
  let userDocId = null;
767
784
  const user = await strapi2.entityService.findOne(
@@ -771,31 +788,50 @@ async function registerSessionAwareAuthStrategy(strapi2, log) {
771
788
  );
772
789
  userDocId = user?.documentId;
773
790
  if (!userDocId) {
791
+ strapi2.log.debug("[magic-sessionmanager] [JWT] No documentId found, allowing through");
774
792
  return decoded;
775
793
  }
776
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Checking sessions for user: ${userDocId}`);
777
794
  const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
778
795
  filters: {
779
796
  user: { documentId: userDocId },
780
797
  isActive: true
781
798
  },
782
- limit: 1,
783
- populate: { user: { fields: ["documentId"] } }
799
+ limit: 1
784
800
  });
785
- strapi2.log.debug(`[magic-sessionmanager] [JWT] Found ${activeSessions?.length || 0} active sessions`);
786
- if (!activeSessions || activeSessions.length === 0) {
787
- const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
788
- filters: { user: { documentId: userDocId } },
789
- limit: 5
790
- });
801
+ if (activeSessions && activeSessions.length > 0) {
802
+ return decoded;
803
+ }
804
+ const allSessions = await strapi2.documents(SESSION_UID$3).findMany({
805
+ filters: { user: { documentId: userDocId } },
806
+ limit: 5,
807
+ fields: ["isActive", "lastActive"]
808
+ });
809
+ const totalSessions = allSessions?.length || 0;
810
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
811
+ if (hasInactiveSessions) {
791
812
  strapi2.log.info(
792
- `[magic-sessionmanager] [JWT-BLOCKED] Valid JWT but no active session (user: ${userDocId.substring(0, 8)}..., total sessions: ${allSessions?.length || 0})`
813
+ `[magic-sessionmanager] [JWT-BLOCKED] User ${userDocId.substring(0, 8)}... was logged out (${totalSessions} inactive sessions)`
793
814
  );
794
815
  return null;
795
816
  }
817
+ if (totalSessions === 0) {
818
+ if (strictMode) {
819
+ strapi2.log.info(
820
+ `[magic-sessionmanager] [JWT-BLOCKED] No sessions exist for user ${userDocId.substring(0, 8)}... (strictMode enabled)`
821
+ );
822
+ return null;
823
+ }
824
+ strapi2.log.warn(
825
+ `[magic-sessionmanager] [JWT-WARN] No session found for user ${userDocId.substring(0, 8)}... (allowing - session may not have been created)`
826
+ );
827
+ return decoded;
828
+ }
829
+ strapi2.log.warn(
830
+ `[magic-sessionmanager] [JWT-ALLOW] Unexpected session state for user ${userDocId.substring(0, 8)}... (allowing)`
831
+ );
796
832
  return decoded;
797
833
  } catch (err) {
798
- strapi2.log.debug("[magic-sessionmanager] [AUTH] Session check error:", err.message);
834
+ strapi2.log.warn("[magic-sessionmanager] [JWT] Session check error (allowing):", err.message);
799
835
  return decoded;
800
836
  }
801
837
  };
@@ -2594,7 +2630,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2594
2630
  }
2595
2631
  };
2596
2632
  };
2597
- const version$1 = "4.3.1";
2633
+ const version$1 = "4.3.3";
2598
2634
  const require$$2 = {
2599
2635
  version: version$1
2600
2636
  };
@@ -38918,6 +38954,8 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38918
38954
  if (!userDocId) {
38919
38955
  return true;
38920
38956
  }
38957
+ const config3 = strapi2.config.get("plugin::magic-sessionmanager") || {};
38958
+ const strictMode = config3.strictSessionEnforcement === true;
38921
38959
  const activeSessions = await strapi2.documents(SESSION_UID).findMany({
38922
38960
  filters: {
38923
38961
  user: { documentId: userDocId },
@@ -38925,12 +38963,30 @@ var sessionRequired$1 = async (policyContext, config2, { strapi: strapi2 }) => {
38925
38963
  },
38926
38964
  limit: 1
38927
38965
  });
38928
- if (!activeSessions || activeSessions.length === 0) {
38966
+ if (activeSessions && activeSessions.length > 0) {
38967
+ return true;
38968
+ }
38969
+ const allSessions = await strapi2.documents(SESSION_UID).findMany({
38970
+ filters: { user: { documentId: userDocId } },
38971
+ limit: 1,
38972
+ fields: ["isActive"]
38973
+ });
38974
+ const hasInactiveSessions = allSessions?.some((s3) => s3.isActive === false);
38975
+ if (hasInactiveSessions) {
38929
38976
  strapi2.log.info(
38930
- `[magic-sessionmanager] [POLICY-BLOCKED] JWT valid but no active session (user: ${userDocId.substring(0, 8)}...)`
38977
+ `[magic-sessionmanager] [POLICY-BLOCKED] Session terminated (user: ${userDocId.substring(0, 8)}...)`
38931
38978
  );
38932
38979
  throw new errors.UnauthorizedError("Session terminated. Please login again.");
38933
38980
  }
38981
+ if (strictMode) {
38982
+ strapi2.log.info(
38983
+ `[magic-sessionmanager] [POLICY-BLOCKED] No session exists (user: ${userDocId.substring(0, 8)}..., strictMode)`
38984
+ );
38985
+ throw new errors.UnauthorizedError("No valid session. Please login again.");
38986
+ }
38987
+ strapi2.log.warn(
38988
+ `[magic-sessionmanager] [POLICY-WARN] No session for user ${userDocId.substring(0, 8)}... (allowing)`
38989
+ );
38934
38990
  return true;
38935
38991
  } catch (err) {
38936
38992
  if (err instanceof errors.UnauthorizedError) {
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "4.3.2",
2
+ "version": "4.3.4",
3
3
  "keywords": [
4
4
  "strapi",
5
5
  "strapi-plugin",