

Unify password changing and invalidate auth tokens (#27625)
- Unify the password changing code
- Invalidate existing auth tokens when changing passwords
KN4CK3R authored Feb 4, 2024
1 parent f8b471a commit 688d4a1
Showing 3 changed files with 20 additions and 1 deletion.
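--- a/models/auth/auth_token.go
+++ b/models/auth/auth_token.go
@@ -54,6 +54,11 @@ func DeleteAuthTokenByID(ctx context.Context, id string) error {
 return err
 }
 
+func DeleteAuthTokensByUserID(ctx context.Context, uid int64) error {
+_, err := db.GetEngine(ctx).Where(builder.Eq{"user_id": uid}).Delete(&AuthToken{})
+return err
+}
+
 func DeleteExpiredAuthTokens(ctx context.Context) error {
 _, err := db.GetEngine(ctx).Where(builder.Lt{"expires_unix": timeutil.TimeStampNow()}).Delete(&AuthToken{})
 return err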
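Review bot: `DeleteAuthTokensByUserID` is a new exported function with no doc comment; add `// DeleteAuthTokensByUserID deletes every AuthToken belonging to the user with ID uid, regardless of expiry.` above the declaration. Stating that the delete is unconditional distinguishes it from `DeleteExpiredAuthTokens` directly below, which filters on `expires_unix`. Since this function now backs both password changes and user deletion, the comment is the one place a reader learns that calling it ends every outstanding token-based login for that user.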
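--- a/services/user/delete.go
+++ b/services/user/delete.go
@@ -187,6 +187,10 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
 }
 // ***** END: ExternalLoginUser *****
 
+if err := auth_model.DeleteAuthTokensByUserID(ctx, u.ID); err != nil {
+return fmt.Errorf("DeleteAuthTokensByUserID: %w", err)
+}
+
 if _, err = db.DeleteByID[user_model.User](ctx, u.ID); err != nil {
 return fmt.Errorf("delete: %w", err)
 }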
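--- a/services/user/update.go
+++ b/services/user/update.go
@@ -183,6 +183,7 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
 u.LoginName = opts.LoginName.Value()
 }
 
+deleteAuthTokens := false
 if opts.Password.Has() && (u.IsLocal() || u.IsOAuth2()) {
 password := opts.Password.Value()
 
@@ -199,6 +200,8 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
 if err := u.SetPassword(password); err != nil {
 return err
 }
+
+deleteAuthTokens = true
 }
 
 if opts.MustChangePassword.Has() {
@@ -208,5 +211,12 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
 u.ProhibitLogin = opts.ProhibitLogin.Value()
 }
 
-return user_model.UpdateUserCols(ctx, u, "login_type", "login_source", "login_name", "passwd", "passwd_hash_algo", "salt", "must_change_password", "prohibit_login")
+if err := user_model.UpdateUserCols(ctx, u, "login_type", "login_source", "login_name", "passwd", "passwd_hash_algo", "salt", "must_change_password", "prohibit_login"); err != nil {
+return err
+}
+
+if deleteAuthTokens {
+return auth_model.DeleteAuthTokensByUserID(ctx, u.ID)
+}
+return nil
 }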
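Review bot: The token invalidation at the end of the last hunk runs only after `UpdateUserCols` has already written the new password, and nothing visible makes the two writes atomic: if `DeleteAuthTokensByUserID` fails, the password is changed while the old auth tokens stay valid, yet the caller is told the update failed. Unless the ctx passed to `UpdateAuth` is already transactional (not visible here; the function starts outside the hunk), consider running the column update and the token deletion in one transaction so a failure rolls both back, and wrap the deletion error with context as delete.go does for the same call so the partial state is diagnosable. The `deleteAuthTokens` flag is set only when a password was actually set, so updates that only change `ProhibitLogin` or the login source leave existing tokens untouched; a short comment on the `deleteAuthTokens := false` line stating that this is intentional would help the next reader.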
