Fix other sessions not being logged out on password change ()

While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the `authenticate_user!` method
This commit is contained in:
Eugen Rochko 2020-07-07 15:26:31 +02:00 committed by GitHub
parent 1c903c7ad6
commit 844870273f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 3 deletions
app/controllers/auth

@ -8,7 +8,10 @@ class Auth::PasswordsController < Devise::PasswordsController
def update
super do |resource|
resource.session_activations.destroy_all if resource.errors.empty?
if resource.errors.empty?
resource.session_activations.destroy_all
resource.forget_me!
end
end
end
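Review bot: `resource.forget_me!` inside the `if resource.errors.empty?` branch needs a short comment and a regression spec, because nothing in `update` says why destroying `session_activations` alone is not enough. A one-line comment noting that, per the commit message, the remember_me token otherwise lets another browser revive its session after the activations are destroyed would keep a later refactor from dropping the call. A controller spec that performs a successful reset and then asserts both that `session_activations` is empty and that the remember-me state was cleared would lock the behaviour in. This controller derives from `Devise::PasswordsController`, so it handles the password reset flow; the other two changed files are not shown here, so please confirm that any other path that changes the password performs the same two steps.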