Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix other sessions not being logged out on password change #14252

Merged
merged 1 commit into from
Jul 7, 2020
Merged

Fix other sessions not being logged out on password change #14252

merged 1 commit into from
Jul 7, 2020

Conversation

Gargron
Copy link
Member

@Gargron Gargron commented Jul 7, 2020

While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the authenticate_user! method

@Gargron
Fix other sessions not being logged out on password change
284a4b8 
While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the `authenticate_user!` method
@Gargron Gargron added the security Security issues and fixes, vulnerabilities label Jul 7, 2020
@Gargron Gargron merged commit 8448702 into master Jul 7, 2020
@Gargron Gargron deleted the fix-forget-me-on-password-change branch July 7, 2020 13:27
@ghost ghost mentioned this pull request Jul 7, 2020
Closed
shouo1987 pushed a commit to CrossGate-Pawoo/mastodon that referenced this pull request Dec 7, 2022
@Gargron
Fix other sessions not being logged out on password change (mastodon#…
fb38868 
…14252)

While OAuth tokens were immediately revoked, accessing the home
controller immediately generated new OAuth tokens and "revived"
the session due to a combination of using remember_me tokens and
overwriting the `authenticate_user!` method
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security Security issues and fixes, vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@Gargron