Flush all user remember me sessions when changing password

This commit is contained in:
Frederic Guillot 2017-01-03 21:22:12 -05:00
parent 11c5c7a7b7
commit 99a6307415
3 changed files with 11 additions and 0 deletions

View File

@ -14,6 +14,7 @@ Version 1.2.0 (unreleased)
* Show last parsing error message in user interface * Show last parsing error message in user interface
* Disable automatically a feed after too many failures * Disable automatically a feed after too many failures
* Add support for Expires and Cache-Control headers (HTTP cache) * Add support for Expires and Cache-Control headers (HTTP cache)
* Flush all user remember me sessions when changing password
* Update Docker image to Ubuntu 16.04 and PHP 7.0 * Update Docker image to Ubuntu 16.04 and PHP 7.0
* Add Docker compose file * Add Docker compose file
* Add functional tests (Json-RPC API and Fever API) * Add functional tests (Json-RPC API and Fever API)

View File

@ -87,6 +87,14 @@ function cleanup()
->remove(); ->remove();
} }
function remove_user_sessions($user_id)
{
return Database::getInstance('db')
->table(TABLE)
->eq('user_id', $user_id)
->remove();
}
function update($token) function update($token)
{ {
$new_sequence = Helper\generate_token(); $new_sequence = Helper\generate_token();

View File

@ -3,6 +3,7 @@
namespace Miniflux\Model\User; namespace Miniflux\Model\User;
use PicoDb\Database; use PicoDb\Database;
use Miniflux\Model;
use Miniflux\Helper; use Miniflux\Helper;
const TABLE = 'users'; const TABLE = 'users';
@ -43,6 +44,7 @@ function update_user($user_id, $username, $password = null, $is_admin = null)
if ($password !== null) { if ($password !== null) {
$values['password'] = password_hash($password, PASSWORD_BCRYPT); $values['password'] = password_hash($password, PASSWORD_BCRYPT);
Model\RememberMe\remove_user_sessions($user_id);
} }
if ($is_admin !== null) { if ($is_admin !== null) {