diff --git a/public/src/client/account/settings.js b/public/src/client/account/settings.js
index c7d28c885b..1060492bf0 100644
--- a/public/src/client/account/settings.js
+++ b/public/src/client/account/settings.js
@@ -113,7 +113,7 @@ define('forum/account/settings', ['forum/account/header', 'components'], functio
 // This is done via DELETE because a user shouldn't be able to
 // revoke his own session! This is what logout is for
 $.ajax({
- url: config.relative_path + '/user/' + ajaxify.data.userslug + '/session/' + uuid,
+ url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
 method: 'delete',
 headers: {
 'x-csrf-token': config.csrf_token
@@ -121,7 +121,15 @@ define('forum/account/settings', ['forum/account/header', 'components'], functio
 }).done(function() {
 parentEl.remove();
 }).fail(function(err) {
- app.alertError(err.responseText);
+ try {
+ var errorObj = JSON.parse(err.responseText);
+ if (errorObj.loggedIn === false) {
+ window.location.href = config.relative_path + '/login?error=' + errorObj.title;
+ }
+ app.alertError(errorObj.title);
+ } catch (e) {
+ app.alertError('[[error:invalid-data]]');
+ }
 });
 }
 });
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 51e87b613c..bd6daa6581 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -108,6 +108,8 @@ Controllers.login = function(req, res, next) {
 var errorText;
 if (req.query.error === 'csrf-invalid') {
 errorText = '[[error:csrf-invalid]]';
+ } else if (req.query.error) {
+ errorText = req.query.error;
 }
 data.alternate_logins = loginStrategies.length > 0;
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index cbede05028..a1c98b0c3d 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
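Review bot: In the new `.fail` handler of public/src/client/account/settings.js, `errorObj.title` is appended to the login URL without encoding, so a title containing `&`, `#`, `%` or spaces changes or truncates the query string; build it as `window.location.href = config.relative_path + '/login?error=' + encodeURIComponent(errorObj.title);`. The `loggedIn === false` branch also falls through to `app.alertError(errorObj.title)` while navigation is already under way, so a `return;` after the redirect would keep the two paths separate. The branch depends on the error response carrying `loggedIn` and `title`; the 403 render in src/middleware/middleware.js passes only `title`, so whether `loggedIn` is ever present is not visible in this diff and is worth confirming.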
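Review bot: The added `else if` branch in Controllers.login copies `req.query.error` straight into `errorText`, so anyone who can get a user to follow a crafted login link controls the message shown on the login page. How `errorText` is rendered is outside this hunk, so whether markup or `[[...]]` translation tokens in the value are neutralised cannot be confirmed from here, and Express may also deliver the parameter as an array or object rather than a string. Mapping the parameter to a fixed set of known error keys would be safest; at minimum guard the type with `} else if (typeof req.query.error === 'string') {` and escape the value before it reaches the template. The body of Controllers.login starts and ends outside the hunk.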
@@ -287,7 +287,7 @@ middleware.requireUser = function(req, res, next) {
 return next();
 }
- res.render('403', {title: '[[global:403.title]]'});
+ res.status(403).render('403', {title: '[[global:403.title]]'});
 };
 middleware.privateUploads = function(req, res, next) {
diff --git a/src/routes/accounts.js b/src/routes/accounts.js
index e60d2bcc99..5bd0a474e3 100644
--- a/src/routes/accounts.js
+++ b/src/routes/accounts.js
@@ -28,7 +28,7 @@ module.exports = function (app, middleware, controllers) {
 setupPageRoute(app, '/user/:userslug/info', middleware, accountMiddlewares, controllers.accounts.info.get);
 setupPageRoute(app, '/user/:userslug/settings', middleware, accountMiddlewares, controllers.accounts.settings.get);
- app.delete('/user/:userslug/session/:uuid', accountMiddlewares, controllers.accounts.session.revoke);
+ app.delete('/api/user/:userslug/session/:uuid', [middleware.requireUser, middleware.exposeUid], controllers.accounts.session.revoke);
 setupPageRoute(app, '/notifications', middleware, [middleware.authenticate], controllers.accounts.notifications.get);
 setupPageRoute(app, '/chats/:roomid?', middleware, [middleware.authenticate], controllers.accounts.chats.get);
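Review bot: The session-revoke route in src/routes/accounts.js drops `accountMiddlewares` in favour of `[middleware.requireUser, middleware.exposeUid]`, and nothing visible in the new list ties the authenticated caller to `:userslug`. The definition of `accountMiddlewares` is outside the hunk, so any permission check it carried must be confirmed as present in `controllers.accounts.session.revoke` or re-added here; otherwise a logged-in user could be able to revoke another account's session. The client sends an `x-csrf-token` header on this DELETE, so it is also worth confirming that CSRF verification still applies to the new `/api/...` path. A short comment above the route stating where ownership of `:userslug` is enforced would make the expectation explicit.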