update status codes for getSession, clear cookies

Author: raclim

client/modules/User/actions.js

@@ -112,21 +112,19 @@ export function getUser() {
 }
 
 export function validateSession() {
-  return (dispatch, getState) => {
-    apiClient
-      .get('/session')
-      .then((response) => {
-        const state = getState();
-        if (state.user.username !== response.data.username) {
-          dispatch(showErrorModal('staleSession'));
-        }
-      })
-      .catch((error) => {
-        const { response } = error;
-        if (response.status === 404) {
-          dispatch(showErrorModal('staleSession'));
-        }
-      });
+  return async (dispatch, getState) => {
+    try {
+      const response = await apiClient.get('/session');
+      const state = getState();
+
+      if (state.user.username !== response.data.username) {
+        dispatch(showErrorModal('staleSession'));
+      }
+    } catch (error) {
+      if (error.response && error.response.status === 404) {
+        dispatch(showErrorModal('staleSession'));
+      }
+    }
   };
 }
 

server/controllers/session.controller.js

@@ -24,10 +24,16 @@ export function createSession(req, res, next) {
 }
 
 export function getSession(req, res) {
-  if (req.user && !req.user.banned) {
-    return res.json(userResponse(req.user));
+  if (!req.user) {
+    return res
+      .status(200)
+      .send({ message: 'Session does not exist.', user: null });
   }
-  return res.status(404).send({ message: 'Session does not exist' });
+  if (req.user.banned) {
+    return res.status(403).send({ message: 'Forbidden: User is banned.' });
+  }
+
+  return res.json(userResponse(req.user));
 }
 
 export function destroySession(req, res, next) {
@@ -41,6 +47,7 @@ export function destroySession(req, res, next) {
         next(error);
         return;
       }
+      res.clearCookie('connect.sid');
       res.json({ success: true });
     });
   });