
Access token no longer removed on own pwd change

Denis Arh 2022-08-24 09:50:14 +02:00
parent e5915b3424
commit e734f44795


@ -663,6 +663,8 @@ func (svc user) SetPassword(ctx context.Context, userID uint64, newPassword stri
uaProps = &userActionProps{user: &types.User{ID: userID}}
a = UserActionSetPassword
self = internalAuth.GetIdentityFromContext(ctx).Identity() == userID
)
err = func() (err error) {
@ -680,8 +682,16 @@ func (svc user) SetPassword(ctx context.Context, userID uint64, newPassword stri
return UserErrNotAllowedToUpdateSystem()
}
if err = svc.auth.RemoveAccessTokens(ctx, u); err != nil {
return
if !self {
// when user is changing password for herself
// we should not remove the tokens!
//
// without this, user needs to log-in again
// and we do not want that if he is using general
// user management API/UI
if err = svc.auth.RemoveAccessTokens(ctx, u); err != nil {
return
}
}
if newPassword == "" {
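Review bot: With the new `if !self` guard, a user who changes their own password keeps every existing access token valid, including tokens issued to other devices or clients. A password change is the usual way to cut off sessions after a suspected credential or token leak, and on this path it no longer does that. Consider revoking all of the user's tokens except the one that authenticated the current request, if the auth service can identify it (not visible in this hunk), or at least documenting on SetPassword that self-service changes leave sessions intact. The comment also sits inside the branch for the opposite case; something like `// changed by another user (admin): revoke the tokens; a self-service change keeps them so the user stays logged in` would match the code. SetPassword's body starts and ends outside these hunks, so whether `GetIdentityFromContext(ctx)` can return nil before `.Identity()` is called could not be checked here.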