diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2020-11-12 23:05:01 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-12 23:05:01 +0100 |
| commit | 8532429af749339a3ff6af4130de3743cd8d1c68 (patch) | |
| tree | 72baeae5c43531708a03e2c504fcab3e24d5ec6f /app/controllers/api | |
| parent | 9870b175b477bbc984fc7945f1ebe07e3f2b0053 (diff) | |
Fix 2FA/sign-in token sessions being valid after password change (#14802)
If someone tries logging in to an account and is prompted for a 2FA code or sign-in token, even if the account's password or e-mail is updated in the meantime, the session will show the prompt and allow the login process to complete with a valid 2FA code or sign-in token
Diffstat (limited to 'app/controllers/api')
| -rw-r--r-- | app/controllers/api/base_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index e962c4e97..fe199e689 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -103,7 +103,7 @@ class Api::BaseController < ApplicationController elsif !current_user.functional? render json: { error: 'Your login is currently disabled' }, status: 403 else - set_user_activity + update_user_sign_in end end |