From e44bee151a1296d9fadc44d4b1f9359ceede21e7 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Tue, 3 May 2011 08:11:27 -0600
Subject: [PATCH] if the user comes into the ip with a valid cookie pointing to
 an unknown email address, purge the cookie.  this happens upon database purge

---
 authority/server/wsapi.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/authority/server/wsapi.js b/authority/server/wsapi.js
index 2c92b61c2..95099e470 100644
--- a/authority/server/wsapi.js
+++ b/authority/server/wsapi.js
@@ -158,7 +158,16 @@ exports.set_key = function (req, resp) {
 
 exports.am_authed = function(req,resp) {
   logRequest("am_authed", req.session);
-  httputils.jsonResponse(resp, isAuthed(req));
+  // if they're authenticated for an email address that we don't know about,
+  // then we should purge the stored cookie
+  if (!isAuthed(req)) {
+    httputils.jsonResponse(resp, false);
+  } else {
+    db.emailKnown(req.session.authenticatedUser, function (known) {
+      if (!known) req.session = {}
+      httputils.jsonResponse(resp, known);
+    });
+  }
 };
 
 exports.sync_emails = function(req,resp) {
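Review bot: The stale-session purge is applied only inside `am_authed`, so nothing visible in this hunk makes the neighbouring handlers (`set_key` above, `sync_emails` below) repeat the `db.emailKnown` check. If they rely on `isAuthed(req)` alone, a cookie for a purged account stays accepted there until the client happens to call this endpoint. Consider moving the lookup into a shared helper that every authenticated handler goes through, or at least record the gap with a comment such as `// NOTE: only am_authed re-validates the session against the db; other handlers trust isAuthed(req)`. The callback also has no error path: if `db.emailKnown` can pass a non-boolean on a failed lookup (not visible here), that value is sent to the client as-is, so `httputils.jsonResponse(resp, known === true);` would pin the response type. It is also worth confirming that reassigning `req.session = {}` really makes the session middleware clear or reissue the cookie rather than leaving the old one valid.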
-- 
GitLab