Invalidate active sessions after password changing (#5872)

* Invalidate active sessions after password changing * Update CHANGELOG-DEV.md (#5872)
humhub · Sep 23, 2022 · 1ed3881 · 1ed3881
1 parent 7f9d9f2
commit 1ed3881
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 2 deletions.
diff --git a/CHANGELOG-DEV.md b/CHANGELOG-DEV.md
@@ -7,4 +7,4 @@ HumHub Changelog
 - Enh #5841: Possibility to show Members/Followers as list from Space about page
 - Enh #5850: Display all levels by default on info logging page
 - Enh #5864: Use Base URL from general settings for all generated absolute URLs
-
+- Enh #5872: Invalidate active sessions after password changing
diff --git a/protected/humhub/modules/user/migrations/m220919_104234_auth_key.php b/protected/humhub/modules/user/migrations/m220919_104234_auth_key.php
@@ -0,0 +1,25 @@
+<?php
+
+use humhub\components\Migration;
+
+/**
+ * Class m220919_104234_auth_key
+ */
+class m220919_104234_auth_key extends Migration
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function safeUp()
+    {
+        $this->safeAddColumn('user', 'auth_key', $this->string(32)->null());
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function safeDown()
+    {
+        $this->safeDropColumn('user', 'auth_key');
+    }
+}
diff --git a/protected/humhub/modules/user/models/Password.php b/protected/humhub/modules/user/models/Password.php
@@ -24,6 +24,8 @@
  * @property string $password
  * @property string $salt
  * @property string $created_at
+ *
+ * @property-read User $user
  */
 class Password extends ActiveRecord
 {
@@ -185,6 +187,7 @@ public function setPassword($newPassword)
         $this->salt = UUID::v4();
         $this->algorithm = $this->defaultAlgorithm;
         $this->password = $this->hashPassword($newPassword);
+        $this->user->auth_key = Yii::$app->security->generateRandomString(32);
     }
 
     public function getUser()
@@ -213,4 +216,15 @@ private function validateAdvancedPasswordRules($attribute, $params)
         }
     }
 
+    public function afterSave($insert, $changedAttributes)
+    {
+        parent::afterSave($insert, $changedAttributes);
+
+        if ($this->user->isAttributeChanged('auth_key') &&
+            $this->user->save() &&
+            $this->user->isCurrentUser()) {
+            Yii::$app->user->switchIdentity($this->user);
+        }
+    }
+
 }
diff --git a/protected/humhub/modules/user/models/User.php b/protected/humhub/modules/user/models/User.php
@@ -56,6 +56,7 @@
  * @property integer $updated_by
  * @property string $last_login
  * @property string $authclient_id
+ * @property string $auth_key
  * @property integer $visibility
  * @property integer $contentcontainer_id
  * @property Profile $profile
@@ -347,7 +348,7 @@ public function getId()
 
     public function getAuthKey()
     {
-        return $this->guid;
+        return $this->auth_key ?: $this->guid;
     }
 
     public function validateAuthKey($authKey)