Unify password changing and invalidate auth tokens (#27625)
- Unify the password changing code - Invalidate existing auth tokens when changing passwords
parent
f8b471ace1
commit
688d4a1f71
3 changed files with 20 additions and 1 deletions
|
@ -54,6 +54,11 @@ func DeleteAuthTokenByID(ctx context.Context, id string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DeleteAuthTokensByUserID(ctx context.Context, uid int64) error {
|
||||||
|
_, err := db.GetEngine(ctx).Where(builder.Eq{"user_id": uid}).Delete(&AuthToken{})
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
func DeleteExpiredAuthTokens(ctx context.Context) error {
|
func DeleteExpiredAuthTokens(ctx context.Context) error {
|
||||||
_, err := db.GetEngine(ctx).Where(builder.Lt{"expires_unix": timeutil.TimeStampNow()}).Delete(&AuthToken{})
|
_, err := db.GetEngine(ctx).Where(builder.Lt{"expires_unix": timeutil.TimeStampNow()}).Delete(&AuthToken{})
|
||||||
return err
|
return err
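Review bot: The new exported `DeleteAuthTokensByUserID` has no doc comment, and as the revocation primitive this commit calls on password change and user deletion its scope should be stated where callers will read it. Something like `// DeleteAuthTokensByUserID removes every AuthToken row belonging to uid, invalidating that user's stored login tokens.` would do. The comment should also say that only rows of the `AuthToken` model are removed; whether other credentials for the user need separate revocation cannot be seen from this hunk.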
|
||||||
|
|
|
@ -187,6 +187,10 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
|
||||||
}
|
}
|
||||||
// ***** END: ExternalLoginUser *****
|
// ***** END: ExternalLoginUser *****
|
||||||
|
|
||||||
|
if err := auth_model.DeleteAuthTokensByUserID(ctx, u.ID); err != nil {
|
||||||
|
return fmt.Errorf("DeleteAuthTokensByUserID: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
if _, err = db.DeleteByID[user_model.User](ctx, u.ID); err != nil {
|
if _, err = db.DeleteByID[user_model.User](ctx, u.ID); err != nil {
|
||||||
return fmt.Errorf("delete: %w", err)
|
return fmt.Errorf("delete: %w", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -183,6 +183,7 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
|
||||||
u.LoginName = opts.LoginName.Value()
|
u.LoginName = opts.LoginName.Value()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
deleteAuthTokens := false
|
||||||
if opts.Password.Has() && (u.IsLocal() || u.IsOAuth2()) {
|
if opts.Password.Has() && (u.IsLocal() || u.IsOAuth2()) {
|
||||||
password := opts.Password.Value()
|
password := opts.Password.Value()
|
||||||
|
|
||||||
|
@ -199,6 +200,8 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
|
||||||
if err := u.SetPassword(password); err != nil {
|
if err := u.SetPassword(password); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
deleteAuthTokens = true
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.MustChangePassword.Has() {
|
if opts.MustChangePassword.Has() {
|
||||||
|
@ -208,5 +211,12 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
|
||||||
u.ProhibitLogin = opts.ProhibitLogin.Value()
|
u.ProhibitLogin = opts.ProhibitLogin.Value()
|
||||||
}
|
}
|
||||||
|
|
||||||
return user_model.UpdateUserCols(ctx, u, "login_type", "login_source", "login_name", "passwd", "passwd_hash_algo", "salt", "must_change_password", "prohibit_login")
|
if err := user_model.UpdateUserCols(ctx, u, "login_type", "login_source", "login_name", "passwd", "passwd_hash_algo", "salt", "must_change_password", "prohibit_login"); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if deleteAuthTokens {
|
||||||
|
return auth_model.DeleteAuthTokensByUserID(ctx, u.ID)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
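Review bot: In the last hunk of `UpdateAuth`, `UpdateUserCols` stores the new password before `DeleteAuthTokensByUserID` runs, so a failed delete returns an error while the password has already changed and the old auth tokens remain usable. Unless the `ctx` passed in already carries a transaction (not visible here, since the function starts outside the hunks), both statements should run in one transaction so the password change and the revocation succeed or fail together. The delete error is also returned bare; wrapping it as `fmt.Errorf("DeleteAuthTokensByUserID: %w", err)` would match the call added in `deleteUser`, assuming `fmt` is imported in this file. A regression test that changes a password and asserts that no token rows remain for the user would pin the behaviour.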
|
||||||
|
|