fix: strict duplicate login lockout — one device per agent

Block any login attempt when a session exists, regardless of user identity.
Same user on second device is blocked until logout or TTL expiry.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 21:44:56 +05:30
parent e4a24feedb
commit 77c5335955


@@ -127,9 +127,9 @@ export class AuthController {
throw new HttpException('Agent account not configured. Contact administrator.', 403); throw new HttpException('Agent account not configured. Contact administrator.', 403);
} }
// Check for duplicate login // Check for duplicate login — strict: one device only
const existingSession = await this.sessionService.isSessionLocked(agentConfig.ozonetelAgentId); const existingSession = await this.sessionService.isSessionLocked(agentConfig.ozonetelAgentId);
if (existingSession && existingSession !== memberId) { if (existingSession) {
throw new HttpException('You are already logged in on another device. Please log out there first.', 409); throw new HttpException('You are already logged in on another device. Please log out there first.', 409);
} }
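Review bot: With the condition reduced to `if (existingSession)`, the 409 now also hits the member who already holds the lock, so a user whose browser crashed or lost its token is shut out until the TTL expires, and nothing in this hunk offers a forced-release or re-claim path. The lock is keyed only by `agentConfig.ozonetelAgentId`, so the check cannot tell the same device from a second one despite the "one device" wording; if the holder's credentials were used by someone else, the legitimate user is the one who gets blocked. I would log the requesting `memberId` together with the holder in `existingSession` before the throw so repeated rejections are visible, and document the contract with `// existingSession is the memberId holding the lock; any holder blocks, including the caller`. The check and the later lock acquisition look like separate calls; if acquisition is not an atomic set-if-absent, two concurrent logins can both pass, which needs confirming since that code and the rest of the method are outside the hunk.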