From 88bef5c5ea5eb663147e603aaff1d0d3e82bb8b5 Mon Sep 17 00:00:00 2001 From: Shane Kilkelly Date: Fri, 1 Jul 2016 09:51:22 +0100 Subject: [PATCH] Add `revokeAllSessions` handler, when password is reset --- .../app/coffee/Features/User/UserController.coffee | 13 ++++++------- .../coffee/Features/User/UserSessionsManager.coffee | 4 ++++ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/services/web/app/coffee/Features/User/UserController.coffee b/services/web/app/coffee/Features/User/UserController.coffee index 3b7bbb5d29..1362da6823 100644 --- a/services/web/app/coffee/Features/User/UserController.coffee +++ b/services/web/app/coffee/Features/User/UserController.coffee @@ -121,16 +121,15 @@ module.exports = UserController = logger.log user: user, "password changed" AuthenticationManager.setUserPassword user._id, newPassword1, (error) -> return next(error) if error? - res.send - message: - type:'success' - text:'Your password has been changed' + UserSessionsManager.revokeAllSessions user, (err) -> + return next(err) if err + res.send + message: + type:'success' + text:'Your password has been changed' else logger.log user: user, "current password wrong" res.send message: type:'error' text:'Your old password is wrong' - - - diff --git a/services/web/app/coffee/Features/User/UserSessionsManager.coffee b/services/web/app/coffee/Features/User/UserSessionsManager.coffee index edd35f2f97..4804df004c 100644 --- a/services/web/app/coffee/Features/User/UserSessionsManager.coffee +++ b/services/web/app/coffee/Features/User/UserSessionsManager.coffee @@ -34,3 +34,7 @@ module.exports = UserSessionsManager = logger.err {err, user_id: user._id, sessionId}, "error while removing session key from UserSessions set" return callback(err) callback() + + revokeAllSessions: (user, callback=(err)->) -> + logger.log {user_id: user._id}, "revoking all existing sessions for user" + callback(null)