Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Revoke all authorized applications on password reset (#21325)

Browse source 
* Clear sessions on password change

* Rename User::clear_sessions to revoke_access for a clearer meaning

* Add reset paassword controller test

* Use User.find instead of User.find_for_authentication for reset password test

* Use redirect and render for better test meaning in reset password

Co-authored-by: Effy Elden <effy@effy.space>
This commit is contained in:
Francis Murillo 2022-12-15 14:47:06 +00:00 committed by GitHub
parent fe9eab51d1
commit 5fb1c3e934
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 73 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/auth/passwords_controller.rb
View file

@ -10,6 +10,8 @@ class Auth::PasswordsController < Devise::PasswordsController
super do |resource|
if resource.errors.empty?
resource.session_activations.destroy_all
resource.revoke_access!
end
end
end