From 99a6307415279737986c731abdf769f669fce463 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Tue, 3 Jan 2017 21:22:12 -0500
Subject: [PATCH] Flush all user remember me sessions when changing password
---
 ChangeLog | 1 +
 app/models/remember_me.php | 8 ++++++++
 app/models/user.php | 2 ++
 3 files changed, 11 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 6b4d336..6cf46cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,7 @@ Version 1.2.0 (unreleased)
 * Show last parsing error message in user interface
 * Disable automatically a feed after too many failures
 * Add support for Expires and Cache-Control headers (HTTP cache)
+* Flush all user remember me sessions when changing password
 * Update Docker image to Ubuntu 16.04 and PHP 7.0
 * Add Docker compose file
 * Add functional tests (Json-RPC API and Fever API)
diff --git a/app/models/remember_me.php b/app/models/remember_me.php
index 4ca30c1..1259da4 100644
--- a/app/models/remember_me.php
+++ b/app/models/remember_me.php
@@ -87,6 +87,14 @@ function cleanup()
 ->remove();
 }
 
+function remove_user_sessions($user_id)
+{
+ return Database::getInstance('db')
+ ->table(TABLE)
+ ->eq('user_id', $user_id)
+ ->remove();
+}
+
 function update($token)
 {
 $new_sequence = Helper\generate_token();
diff --git a/app/models/user.php b/app/models/user.php
index 4eb894b..4ae10cf 100644
--- a/app/models/user.php
+++ b/app/models/user.php
@@ -3,6 +3,7 @@
 namespace Miniflux\Model\User;
 
 use PicoDb\Database;
+use Miniflux\Model;
 use Miniflux\Helper;
 
 const TABLE = 'users';
@@ -43,6 +44,7 @@ function update_user($user_id, $username, $password = null, $is_admin = null)
 
 if ($password !== null) {
 $values['password'] = password_hash($password, PASSWORD_BCRYPT);
+ Model\RememberMe\remove_user_sessions($user_id);
 }
 
 if ($is_admin !== null) {
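Review bot: `remove_user_sessions()` is added without a docblock, although it is the function that revokes every persistent-login token for an account and its return value is what a caller would have to check. I would add a short header such as `// Revoke all remember-me tokens of this user; call whenever the password changes.` plus a `@return` line saying whether the result means "query succeeded" or "rows were deleted"; that depends on PicoDb's `remove()`, which is not visible here. The filter is passed through `->eq('user_id', $user_id)` rather than concatenated, which looks right, but a null or empty `$user_id` would presumably match nothing and still report success, so a note or guard for that case would help.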
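Review bot: In `update_user()` the result of `Model\RememberMe\remove_user_sessions($user_id)` is discarded, and the call runs while `$values` is still being assembled, before any write visible in this hunk. If the delete fails, the password presumably still changes while the old remember-me tokens stay valid, which is the case this commit sets out to close; if the later update fails instead, the tokens are gone but the password is unchanged, which is the safer direction. I would check the result, e.g. `if (! Model\RememberMe\remove_user_sessions($user_id)) { return false; }`, or run the token delete and the user update in one transaction. The function body starts and ends outside the hunk, so the actual write and its error handling are not visible here.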