fix(api): expired sessions would not be destroyed

Gauthier Roebroeck 2022-03-03 08:46:48 +08:00
parent fa04d9511a
commit 5ecc9c6785


@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.builders.WebSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.core.session.SessionRegistry
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
@ -33,6 +34,7 @@ class SecurityConfiguration(
private val oidcUserService: OAuth2UserService<OidcUserRequest, OidcUser>,
private val sessionCookieName: String,
private val userAgentWebAuthenticationDetailsSource: WebAuthenticationDetailsSource,
private val sessionRegistry: SessionRegistry,
clientRegistrationRepository: InMemoryClientRegistrationRepository?,
) : WebSecurityConfigurerAdapter() {
@ -71,6 +73,12 @@ class SecurityConfiguration(
it.deleteCookies(sessionCookieName)
it.invalidateHttpSession(true)
}
.sessionManagement { session ->
session.sessionConcurrency {
it.sessionRegistry(sessionRegistry)
it.maximumSessions(-1)
}
}
if (oauth2Enabled) {
http.oauth2Login { oauth2 ->
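Review bot: The `it.maximumSessions(-1)` call in the new `sessionManagement` block carries no comment, and a reader can easily take it for a session limit. In Spring Security -1 means no limit on concurrent sessions, so the block appears to exist only to attach `sessionRegistry` to the filter chain. I would add `// -1 = unlimited sessions; concurrency control is enabled only so the registry is consulted and expired sessions are rejected` above it. Whether expired sessions are actually cleaned up also depends on which `SessionRegistry` bean is injected, which this page does not show: the default in-memory registry only drops entries when it receives session-destroyed events, so that wiring is worth confirming. The enclosing function starts and ends outside the hunk.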