Automatically resolve session creation conflicts

[fynnlyte]

If CouchDB or the express server crashes in the middle of processing a login request, a session token might already be generated but that token is not yet documented within sl-users. This leads to errors as:

Could not create session token with key: hgsi2BLWQleolfmw3JmscA - was inactiveSessions copied and does the key already exist?
Document update conflict.

Such conflicts should be resolved automatically. In case of a conflict error when creating the entry in _users:

• retrieve the doc
• verify that the UUID matches with the UUID of the user who is trying to log in
• update that doc and resolve instead of throwing an error

[jbgtmartin]

I have run into this issue as well. In my case, I think that this happened because I had an entry in inactiveSessions, but the session was still present in _users, resulting in a conflict error when trying to reuse the session (it tries to create a new _users entry with the same _id and no _rev, thus the conflict error).

I don't know why this happened, it seems pretty unusual, maybe my databases has crashed, or there was another random error in the middle of logoutSession() or removeExpiredKeys()...

In case you need a way to reproduce it:

• Log in
• Log out, or open a private browsing tab
• In sl-users, put your session's ID in inactiveSessions, and delete session
• Try to log in again => conflict error

[klues]

Just for information, if someone needs it: the fix is already merged to master of this repo, but no new release published to npm. I've done that for my fork, see https://www.npmjs.com/package/@klues/couch-auth. It includes the fix and we're using it in production until a new release is published for this repo.