path: root/app/controllers/auth/passwords_controller.rb
Age | Commit message | Author
2020-07-07 | Fix other sessions not being logged out on password change (#14252) | Eugen Rochko
While OAuth tokens were immediately revoked, accessing the home controller immediately generated new OAuth tokens and "revived" the session due to a combination of using remember_me tokens and overwriting the `authenticate_user!` method
2020-01-24 | Fix password change/reset not immediately invalidating other sessions (#12928) | Eugen Rochko
While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
2018-07-31 | Compensate for scrollbar disappearing when media modal visible (#8100) | Eugen Rochko
* Compensate for scrollbar disappearing when media modal visible
Make auth pages backgrounds lighter
* Fix typo
2017-08-03 | Redirect to PasswordController#new when reset_password_token is invalid (#4506) | nullkal
2016-11-15 | Fix rubocop issues, introduce usage of frozen literal to improve performance | Eugen Rochko
2016-03-26 | Remember user logins by default | Eugen Rochko
2016-03-05 | Customizing devise views and controllers | Eugen Rochko