Unverified commit 660d1521, authored by Cam Saul, committed by GitHub

Clear a User's Session on password change (#12199)

parent 017791ee
......@@ -12,7 +12,8 @@
[collection :as collection]
[permissions :as perms]
[permissions-group :as group]
[permissions-group-membership :as perm-membership :refer [PermissionsGroupMembership]]]
[permissions-group-membership :as perm-membership :refer [PermissionsGroupMembership]]
[session :refer [Session]]]
[metabase.util
[i18n :refer [trs]]
[schema :as su]]
......@@ -229,6 +230,8 @@
[user-id password]
(let [salt (str (UUID/randomUUID))
password (creds/hash-bcrypt (str salt password))]
;; when changing/resetting the password, kill any existing sessions
(db/simple-delete! Session :user_id user-id)
;; NOTE: any password change expires the password reset token
(db/update! User user-id
:password_salt salt
......
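Review bot: the `(db/simple-delete! Session :user_id user-id)` call runs before `db/update! User`, and nothing in the visible lines wraps the two in a transaction, so a login with the old password that lands between the delete and the update creates a session that outlives the password change. Consider updating the password first and deleting sessions afterwards, or running both statements in one transaction so they succeed or fail together. The delete also removes every session for the user, which includes the session making the request when a logged-in user changes their own password; the new comment could say so, so that callers know they must issue a fresh session after calling this function.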