public async isForcedSignOut()

in lambda/api/src/services/dynamoDBForcedSignoutHandler.ts [17:46]


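  /**
   * Decides whether the token on this request predates the user's last forced sign-out.
   *
   * Reads the item stored under `this.getKey(req.username)` from `this.tableName` and
   * compares its `lastForceSignOutTimeAttributeName` value (milliseconds) with the
   * token's `iat` claim (seconds since epoch, converted to milliseconds here).
   *
   * @param req - request carrying `username` and the token `claims`
   *   (presumably already signature-verified upstream; confirm against the caller).
   * @returns `true` when the token must be rejected, `false` when no forced sign-out
   *   applies to it.
   * @throws rethrows any error from the table lookup after logging it. The caller must
   *   treat a throw as "deny"; treating it as "not signed out" would let revoked tokens
   *   through whenever the lookup fails.
   */
  public async isForcedSignOut(req: Request): Promise<boolean> {

    const key = this.getKey(req.username);

    try {

      const params = {
        TableName: this.tableName,
        Key: key,
      };

      const result = await this.docClient.get(params).promise();

      const lastForcedSignOut = result.Item
        ? result.Item[this.lastForceSignOutTimeAttributeName]
        : undefined;

      // No record, or a record without a numeric timestamp: this user has no forced sign-out.
      if (typeof lastForcedSignOut !== "number") {
        return false;
      }

      const issuedAtInMillis = Number(req.claims.iat) * 1000; // issued at is in seconds since epoch

      // Fail closed: a missing or non-numeric `iat` makes the product NaN, and `NaN < x` is
      // always false, which would otherwise let the token skip the revocation check.
      if (!Number.isFinite(issuedAtInMillis)) {
        return true;
      }

      // If the token was issued before the last forced sign-out, deny. Any newer sign-in
      // generates newer tokens and passes this check; older ones require re-auth.
      // `iat` has one-second resolution, so a token issued in the same second as the
      // sign-out is also denied and the user signs in again.
      if (issuedAtInMillis < lastForcedSignOut) {
        // Optionally log the event (username only). Do not log req.rawHeaders: they would
        // typically include the Authorization header, i.e. the bearer token itself.
        // console.warn("Login attempt with a token issued before a forced sign out:" + req.username);
        return true;
      }
      return false;
    } catch (ex) {
      console.error("Error checking forced sign out", ex);
      throw ex;
    }
  }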