Revoke all authorized applications on password reset (#21325)

* Clear sessions on password change * Rename User::clear_sessions to revoke_access for a clearer meaning * Add reset paassword controller test * Use User.find instead of User.find_for_authentication for reset password test * Use redirect and render for better test meaning in reset password Co-authored-by: Effy Elden <effy@effy.space>
author: Francis Murillo <evacuee.overlap.vs3op@aleeas.com> 2022-12-15 14:47:06 +0000
committer: GitHub <noreply@github.com> 2022-12-15 15:47:06 +0100
commit: 5fb1c3e934a1a782972ac2732ce7f0208c341ac2 (patch)
tree: 334d257639188b485a9e1b2eaebd611e99e5c4e0 /app/controllers/auth
parent: fe9eab51d140ee0e0343eb07982f0a7ce825398c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index 2996c0431..a8ad66929 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -10,6 +10,8 @@ class Auth::PasswordsController < Devise::PasswordsController
     super do |resource|
       if resource.errors.empty?
         resource.session_activations.destroy_all
+
+        resource.revoke_access!
       end
     end
   end
author	Francis Murillo <evacuee.overlap.vs3op@aleeas.com>	2022-12-15 14:47:06 +0000
committer	GitHub <noreply@github.com>	2022-12-15 15:47:06 +0100
commit	5fb1c3e934a1a782972ac2732ce7f0208c341ac2 (patch)
tree	334d257639188b485a9e1b2eaebd611e99e5c4e0 /app/controllers/auth
parent	fe9eab51d140ee0e0343eb07982f0a7ce825398c (diff)