Delete all other sessions after setting a new password

This commit is contained in:
Igor Scheller 2023-09-17 20:47:28 +02:00 committed by Michael Weimann
parent dbb089315f
commit c06cb767da
2 changed files with 12 additions and 0 deletions

View File

@ -145,6 +145,11 @@ class SettingsController extends BaseController
$this->addNotification('settings.password.success');
$this->log->info('User set new password.');
$user->sessions()
->getQuery()
->where('id', '!=', session()->getId())
->delete();
}
return $this->redirect->to('/settings/password');

View File

@ -283,6 +283,13 @@ class SettingsControllerTest extends ControllerTest
$session = $this->app->get('session');
$messages = $session->get('messages.' . NotificationType::MESSAGE->value);
$this->assertEquals('settings.password.success', $messages[0]);
$this->assertCount(
1,
SessionModel::whereUserId($this->user->id)->get(),
'All other user sessions should be deleted after setting a new password'
);
$this->assertCount(2, SessionModel::all()); // Current session and another one should be still there
}
/**