пре 4 година · 9a09bf7964
--- a/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
@@ -40,7 +40,7 @@
 
				 
			
 
				 -export([ sign_token/2
			
 
				         , verify_token/1
			
 
				-        , destroy_token_by_username/1
			
 
				+        , destroy_token_by_username/2
			
 
				         ]).
			
 
				 
			
 
				 -export([add_default_user/0]).
			
@@ -177,8 +177,13 @@ sign_token(Username, Password) ->
 
				 verify_token(Token) ->
			
 
				     emqx_dashboard_token:verify(Token).
			
 
				 
			
 
				-destroy_token_by_username(Username) ->
			
 
				-    emqx_dashboard_token:destroy_by_username(Username).
			
 
				+destroy_token_by_username(Username, Token) ->
			
 
				+    case emqx_dashboard_token:lookup(Token) of
			
 
				+        {ok, #mqtt_admin_jwt{username = Username}} ->
			
 
				+            emqx_dashboard_token:destroy(Token);
			
 
				+        _ ->
			
 
				+            {error, not_found}
			
 
				+    end.
			
 
				 
			
 
				 %%--------------------------------------------------------------------
			
 
				 %% Internal functions
			
--- a/apps/emqx_dashboard/src/emqx_dashboard_api.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_api.erl
@@ -170,10 +170,14 @@ login(post, #{body := Params}) ->
 
				             {401, #{code => ?ERROR_USERNAME_OR_PWD, message => <<"Auth filed">>}}
			
 
				     end.
			
 
				 
			
 
				-logout(_, #{body := Params}) ->
			
 
				-    Username = maps:get(<<"username">>, Params),
			
 
				-    emqx_dashboard_admin:destroy_token_by_username(Username),
			
 
				-    {200}.
			
 
				+logout(_, #{body := #{<<"username">> := Username},
			
 
				+            headers := #{<<"authorization">> := <<"Bearer ", Token/binary>>}}) ->
			
 
				+    case emqx_dashboard_admin:destroy_token_by_username(Username, Token) of
			
 
				+        ok ->
			
 
				+            200;
			
 
				+        _R ->
			
 
				+            {401, 'BAD_TOKEN_OR_USERNAME', <<"Ensure your token & username">>}
			
 
				+    end.
			
 
				 
			
 
				 users(get, _Request) ->
			
 
				     {200, [row(User) || User <- emqx_dashboard_admin:all_users()]};
			
--- a/apps/emqx_dashboard/src/emqx_dashboard_token.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_token.erl
@@ -22,6 +22,7 @@
 
				 
			
 
				 -export([ sign/2
			
 
				         , verify/1
			
 
				+        , lookup/1
			
 
				         , destroy/1
			
 
				         , destroy_by_username/1
			
 
				         ]).
			
@@ -121,14 +122,15 @@ do_verify(Token)->
 
				 
			
 
				 do_destroy(Token) ->
			
 
				     Fun = fun mnesia:delete/1,
			
 
				-    ekka_mnesia:transaction(?DASHBOARD_SHARD, Fun, [{?TAB, Token}]).
			
 
				+    {atomic, ok} = ekka_mnesia:transaction(?DASHBOARD_SHARD, Fun, [{?TAB, Token}]),
			
 
				+    ok.
			
 
				 
			
 
				 do_destroy_by_username(Username) ->
			
 
				     gen_server:cast(?MODULE, {destroy, Username}).
			
 
				 
			
 
				 %%--------------------------------------------------------------------
			
 
				 %% jwt internal util function
			
 
				-
			
 
				+-spec(lookup(Token :: binary()) -> {ok, #mqtt_admin_jwt{}} | {error, not_found}).
			
 
				 lookup(Token) ->
			
 
				     case mnesia:dirty_read(?TAB, Token) of
			
 
				         [JWT] -> {ok, JWT};