IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Properly revoke OAuth sessions when revoking all user sessions.

Browse Source
This commit is contained in:
JoramWilander
2015-09-24 08:02:01 -04:00
parent 00b5f604c9
commit 10108bb54c
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/user.go
View File

@@ -466,10 +466,14 @@ func RevokeAllSession(c *Context, userId string) {
for _, session := range sessions {
c.LogAuditWithUserId(userId, "session_id="+session.Id)
sessionCache.Remove(session.Token)
if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil {
c.Err = result.Err
return
if session.IsOAuth {
RevokeAccessToken(session.Token)
} else {
sessionCache.Remove(session.Token)
if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil {
c.Err = result.Err
return
}
}
}
}