From 577e144d0bdfd4434b1183bc6247f154c21effcf Mon Sep 17 00:00:00 2001
From: Dominik Korsa <dominik.korsa@gmail.com>
Date: Mon, 18 Jan 2021 21:09:18 +0100
Subject: [PATCH] Remove prompt from session data on deny

---
 backend/src/routes/website-api/index.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/src/routes/website-api/index.ts b/backend/src/routes/website-api/index.ts
index 5bd7a95..0bbaf85 100644
--- a/backend/src/routes/website-api/index.ts
+++ b/backend/src/routes/website-api/index.ts
@@ -45,8 +45,10 @@ export default async function registerWebsiteApi(server: MyFastifyInstance): Pro
       server.log.error(error);
       throw server.httpErrors.internalServerError();
     }
-    const prompt = getSessionData(request.session).prompts.get(request.query.prompt_id);
+    const sessionData = getSessionData(request.session);
+    const prompt = sessionData.prompts.get(request.query.prompt_id);
     if (!prompt) throw server.httpErrors.badRequest('Prompt data not found');
     await reply.redirect(`${prompt.redirectUri}?error=access_denied&error_description=${encodeURIComponent('User denied')}`);
+    sessionData.prompts.delete(request.query.prompt_id);
   });
 }