From 061761f2245b419e6db5514e8ad3417d30370da0 Mon Sep 17 00:00:00 2001
From: Laurent Cozic
Date: Tue, 21 Sep 2021 10:49:41 +0100
Subject: [PATCH] Server: Clear cookie when account has been deleted to allow viewing login page again
---
 packages/server/src/middleware/ownerHandler.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/packages/server/src/middleware/ownerHandler.ts b/packages/server/src/middleware/ownerHandler.ts
index 85ddbbc24..f422f3545 100644
--- a/packages/server/src/middleware/ownerHandler.ts
+++ b/packages/server/src/middleware/ownerHandler.ts
@@ -1,11 +1,15 @@
 import { AppContext, KoaNext } from '../utils/types';
 import { contextSessionId } from '../utils/requestUtils';
 import { ErrorForbidden } from '../utils/errors';
+import { cookieSet } from '../utils/cookies';
 export default async function(ctx: AppContext, next: KoaNext): Promise {
 const sessionId = contextSessionId(ctx, false);
 const owner = sessionId ? await ctx.joplin.models.session().sessionUser(sessionId) : null;
- if (owner && !owner.enabled) throw new ErrorForbidden('This user account is disabled. Please contact support.');
+ if (owner && !owner.enabled) {
+ cookieSet(ctx, 'sessionId', ''); // Clear cookie, otherwise the user cannot login at all anymore
+ throw new ErrorForbidden('This user account is disabled. Please contact support.');
+ }
 ctx.joplin.owner = owner;
 return next();
 }
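Review bot: The new `!owner.enabled` branch clears only the browser's copy of the session id; as far as this hunk shows, the session record that `sessionUser(sessionId)` resolved stays in place. If the account is later re-enabled, that old id would presumably be accepted again without a fresh login, and any client that still holds the id keeps reaching this branch. Consider removing the session server-side in the same branch through the session model, or state the limit in the comment: `// Clears the browser cookie only; the server-side session is not invalidated here`. Whether `cookieSet(ctx, 'sessionId', '')` expires the cookie or stores an empty-valued one depends on `../utils/cookies`, which is not visible here and is worth confirming. The subject line says "deleted" while the check is for a disabled account, so the wording should name the case actually handled.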