To piggy back @PhilfromOz question. Is there a way to export forum reports/stats ?
Logout User from external website
-
Re: User Logout from external application
Hi,
I am new using nodebb, so I created a subdomain with the forum and it is connected with a Wordpress site with the SSO Wordpress plugin.
I managed to logout the user from wordpress when he logs out from nodebb via a POST Request to wordpress. But I can't do the oposit thing, I mean I can't remove session on nodebb when I logout on Wordpress.
I have created a custom plugin using the quickstart plugin, I created a route in API but I am not able to find the session to remove...
I am reaching this API method:
plugin.addRoutes = async ({ router, middleware, helpers }) => { const middlewares = [ middleware.ensureLoggedIn, // use this if you want only registered users to call this route // middleware.admin.checkPrivileges, // use this to restrict the route to administrators ]; routeHelpers.setupApiRoute(router, 'get', '/quickstart/:user_slug', middlewares, async (req, res) => { // Here I can search for user based on user_slug param const uid = await User.getUidByUserslug(req.params.user_slug); console.log('UID: ' + uid); // At this point I need to delete the users Session("sess:id") // How I get the "id" const result = await db.get('sess:id'); console.log(result); helpers.formatApiResponse(200, res, { status: 'success' }); }); };
Can anyone to give me a hint on how can I manage this?
Thanks in advance. -
-
@julian ok, I tried to send an XHR request but got 403...
var http = new XMLHttpRequest(); var params = 'orem=ipsum&name=binny'; http.open('POST', 'https://forum.example.com/logout', true); http.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); http.setRequestHeader('Authorization', 'Bearer <TOKEN>'); http.onreadystatechange = function() { if(http.readyState == 4 && http.status == 200) { alert(http.responseText); } } http.send(params);
-
@julian Yesterday I found a workaround. I don't think that it is the cleanest way to do it ...
On the wordpres site I make a Curl POST Request:
$req = curl_init(); curl_setopt($req, CURLOPT_URL, "https://forum.example.com/api/v3/plugins/quickstart/<user_slug>?_uid=<admin_uid>"); curl_setopt($req, CURLOPT_PORT , 443); curl_setopt($req, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Authorization: Bearer <TOKEN>")); $daata = curl_exec($req); if(!curl_errno($req)){ $info = curl_getinfo($req); echo 'Took ' . $info['total_time'] . ' seconds to send a request to ' . $info['url']; } else { echo 'Curl error: ' . curl_error($req); }
On the Nodebb plugin I receive the request and connect directly to mongodb and remove the session of the requested user:
routeHelpers.setupApiRoute(router, 'get', '/quickstart/:user_slug', middlewares, async (req, res) => { const uri = "mongodb://<user>:<pass>@<host>:27017"; const client = new MongoClient(uri); const uid = await User.getUidByUserslug(req.params.user_slug); MongoClient.connect(uri, async function(err, db) { if (err) throw err; const dbo = db.db("nodebb"); await dbo.collection("sessions").find({}).forEach(function(doc) { const data = JSON.parse(doc.session); if(data.passport.user == uid) { dbo.collection("sessions").deleteOne({'_id': doc._id}) console.log('Removed'); } }); db.close(); }); helpers.formatApiResponse(200, res, { status: 200, message: 'User successfully logged out.' }); });
This way it logs out. I think that there must be another solution for this.