diff --git a/src/controllers/accounts/profile.js b/src/controllers/accounts/profile.js
index edfd085cdc..37585921ff 100644
--- a/src/controllers/accounts/profile.js
+++ b/src/controllers/accounts/profile.js
@@ -66,7 +66,7 @@ profileController.get = async function (req, res, next) {
 };
 
 async function incrementProfileViews(req, userData) {
- if (req.uid >= 0) {
+ if (req.uid >= 1) {
 req.session.uids_viewed = req.session.uids_viewed || {};
 
 if (req.uid !== userData.uid && (!req.session.uids_viewed[userData.uid] || req.session.uids_viewed[userData.uid] < Date.now() - 3600000)) {
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 2e112fb2db..11776c510c 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -399,7 +399,7 @@ authenticationController.localLogin = async function (req, username, password, n
 }
 };
 
-const regenerateAsync = util.promisify((req, callback) => req.session.regenerate(callback));
+const destroyAsync = util.promisify((req, callback) => req.session.destroy(callback));
 
 authenticationController.logout = async function (req, res, next) {
 if (!req.loggedIn || !req.sessionID) {
@@ -412,7 +412,10 @@ authenticationController.logout = async function (req, res, next) {
 await user.auth.revokeSession(sessionID, uid);
 req.logout();
 
- await regenerateAsync(req);
+ await destroyAsync(req);
+ res.clearCookie('express.sid', {
+ path: nconf.get('relative_path'),
+ });
 
 req.uid = 0;
 req.headers['x-csrf-token'] = req.csrfToken();
diff --git a/src/controllers/topics.js b/src/controllers/topics.js
index 1f72f04152..5ac12e629d 100644
--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
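Review bot: The `req.uid >= 1` guard in incrementProfileViews relies on the convention that uid 0 is the guest (the logout hunk in this same diff resets `req.uid = 0`), and the `3600000` next to it is an unexplained one-hour window; a comment above the guard would spare the next reader the lookup, e.g. `// uid 0 is a guest: only count views from logged-in users, at most once per viewer per hour`. The same `>= 1` change in incrementViewCount in src/controllers/topics.js would benefit from the identical comment. incrementProfileViews continues past the end of the hunk.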
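Review bot: `res.clearCookie('express.sid', { path: nconf.get('relative_path') })` in the logout hunk only removes the cookie if the browser matches the attributes it was set with, so a session cookie issued with a `domain`, `secure` or `sameSite` attribute may survive this call; if the express-session cookie options are reachable from this controller, pass the same `domain`/`secure`/`sameSite` values and the configured cookie name instead of the hard-coded `'express.sid'`. Presumably the `cookie: true` change to `middleware.applyCSRF` in this diff is what allows `req.csrfToken()` on the following line to run after the session has been destroyed; a comment on the `destroyAsync` call saying so would help, e.g. `// destroy rather than regenerate so the old session id is unusable; the CSRF secret now lives in its own cookie, so csrfToken() still works`. The body of authenticationController.logout continues outside the hunk.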
@@ -127,7 +127,7 @@ function calculateStartStop(page, postIndex, settings) {
 }
 
 function incrementViewCount(req, tid) {
- if (req.uid >= 0) {
+ if (req.uid >= 1) {
 req.session.tids_viewed = req.session.tids_viewed || {};
 if (!req.session.tids_viewed[tid] || req.session.tids_viewed[tid] < Date.now() - 3600000) {
 topics.increaseViewCount(tid);
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 5d13b8eab0..fedd035ad3 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -31,7 +31,9 @@ middleware.regexes = {
 timestampedUpload: /^\d+-.+$/,
 };
 
-middleware.applyCSRF = csrf();
+middleware.applyCSRF = csrf({
+ cookie: true,
+});
 
 middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');
 
diff --git a/test/controllers.js b/test/controllers.js
index 81c7b73fc2..649f077156 100644
--- a/test/controllers.js
+++ b/test/controllers.js
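Review bot: `csrf({ cookie: true })` in the middleware hunk stores the CSRF secret in a client-readable cookie with csurf's defaults (key `_csrf`, path `/`, no `httpOnly`), so the secret is exposed to any script on the origin and is sent to paths outside the app; the option also accepts an object, and `cookie: { path: nconf.get('relative_path'), httpOnly: true, sameSite: 'lax' }` keeps it scoped to the app and out of reach of document.cookie, with `secure: true` added when the site is served over HTTPS. With the secret in a cookie the check becomes a double-submit scheme, which depends on cookie-parser being mounted before this middleware and on no sibling subdomain being able to set cookies for the parent domain; a short comment above the line naming that assumption would be worthwhile.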
@@ -1398,20 +1398,51 @@ describe('Controllers', function () {
 });
 });
 
- it('should increase profile view', function (done) {
+ it('should not increase profile view if you visit your own profile', (done) => {
+ request(nconf.get('url') + '/api/user/foo', { jar: jar }, function (err, res) {
+ assert.ifError(err);
+ assert.equal(res.statusCode, 200);
+ setTimeout(function () {
+ user.getUserField(fooUid, 'profileviews', function (err, viewcount) {
+ assert.ifError(err);
+ assert(viewcount === 0);
+ done();
+ });
+ }, 500);
+ });
+ });
+
+ it('should not increase profile view if a guest visits a profile', (done) => {
 request(nconf.get('url') + '/api/user/foo', { }, function (err, res) {
 assert.ifError(err);
 assert.equal(res.statusCode, 200);
 setTimeout(function () {
 user.getUserField(fooUid, 'profileviews', function (err, viewcount) {
 assert.ifError(err);
- assert(viewcount > 0);
+ assert(viewcount === 0);
 done();
 });
 }, 500);
 });
 });
 
+ it('should increase profile view', function (done) {
+ helpers.loginUser('regularJoe', 'barbar', function (err, jar) {
+ assert.ifError(err);
+ request(nconf.get('url') + '/api/user/foo', { jar: jar }, function (err, res) {
+ assert.ifError(err);
+ assert.equal(res.statusCode, 200);
+ setTimeout(function () {
+ user.getUserField(fooUid, 'profileviews', function (err, viewcount) {
+ assert.ifError(err);
+ assert(viewcount > 0);
+ done();
+ });
+ }, 500);
+ });
+ });
+ });
+
 it('should parse about me', function (done) {
 user.setUserFields(fooUid, { picture: '/path/to/picture', aboutme: 'hi i am a bot' }, function (err) {
 assert.ifError(err);
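Review bot: The two negative tests in the hunk only show that `profileviews` is still 0 after a 500 ms `setTimeout`, which cannot tell "not incremented" from "not incremented yet", and together with the `assert(viewcount > 0)` in the re-added positive test they only pass in this order on a fresh `fooUid`; reading the counter before the request and asserting `assert.equal(viewcount, before)` afterwards would make each test stand on its own. In the positive test the `helpers.loginUser` callback parameter `jar` shadows the `jar` that the first test takes from the enclosing scope (declared outside this hunk), which reads as if they were the same cookie jar; naming it `joeJar` avoids that. The enclosing describe block starts and ends outside the hunk.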