iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Delete all other sessions after setting a new password

This commit is contained in:
Igor Scheller 2023-09-17 20:47:28 +02:00 committed by Michael Weimann
parent dbb089315f
commit c06cb767da
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Controllers/SettingsController.php
View File

@ -145,6 +145,11 @@ class SettingsController extends BaseController
$this->addNotification('settings.password.success'); $this->addNotification('settings.password.success');
$this->log->info('User set new password.'); $this->log->info('User set new password.');
$user->sessions()
->getQuery()
->where('id', '!=', session()->getId())
->delete();
} }
return $this->redirect->to('/settings/password'); return $this->redirect->to('/settings/password');

7
tests/Unit/Controllers/SettingsControllerTest.php
View File

@ -283,6 +283,13 @@ class SettingsControllerTest extends ControllerTest
$session = $this->app->get('session'); $session = $this->app->get('session');
$messages = $session->get('messages.' . NotificationType::MESSAGE->value); $messages = $session->get('messages.' . NotificationType::MESSAGE->value);
$this->assertEquals('settings.password.success', $messages[0]); $this->assertEquals('settings.password.success', $messages[0]);
$this->assertCount(
1,
SessionModel::whereUserId($this->user->id)->get(),
'All other user sessions should be deleted after setting a new password'
);
$this->assertCount(2, SessionModel::all()); // Current session and another one should be still there
} }
/** /**