diff options
| author | Luke Pulverenti <luke.pulverenti@gmail.com> | 2016-06-05 16:39:37 -0400 |
|---|---|---|
| committer | Luke Pulverenti <luke.pulverenti@gmail.com> | 2016-06-05 16:39:37 -0400 |
| commit | 9fc028b3d784a79fa7b4a7de8c28847e08f47167 (patch) | |
| tree | ee3a58e2d9dc7a4cc2add78ac676963c98185a3a | |
| parent | 2e040f9c0c3d8cca834687a7c729f14097f7a83b (diff) | |
revoke access tokens on password change
| -rw-r--r-- | MediaBrowser.Api/UserService.cs | 9 | ||||
| -rw-r--r-- | MediaBrowser.Controller/Session/ISessionManager.cs | 3 | ||||
| -rw-r--r-- | MediaBrowser.Server.Implementations/Session/SessionManager.cs | 7 |
3 files changed, 13 insertions, 6 deletions
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs index 9b611c397..07ff36c41 100644 --- a/MediaBrowser.Api/UserService.cs +++ b/MediaBrowser.Api/UserService.cs @@ -385,7 +385,7 @@ namespace MediaBrowser.Api throw new ResourceNotFoundException("User not found"); } - await _sessionMananger.RevokeUserTokens(user.Id.ToString("N")).ConfigureAwait(false); + await _sessionMananger.RevokeUserTokens(user.Id.ToString("N"), null).ConfigureAwait(false); await _userManager.DeleteUser(user).ConfigureAwait(false); } @@ -465,6 +465,10 @@ namespace MediaBrowser.Api } await _userManager.ChangePassword(user, request.NewPassword).ConfigureAwait(false); + + var currentToken = AuthorizationContext.GetAuthorizationInfo(Request).Token; + + await _sessionMananger.RevokeUserTokens(user.Id.ToString("N"), currentToken).ConfigureAwait(false); } } @@ -602,7 +606,8 @@ namespace MediaBrowser.Api throw new ArgumentException("There must be at least one enabled user in the system."); } - await _sessionMananger.RevokeUserTokens(user.Id.ToString("N")).ConfigureAwait(false); + var currentToken = AuthorizationContext.GetAuthorizationInfo(Request).Token; + await _sessionMananger.RevokeUserTokens(user.Id.ToString("N"), currentToken).ConfigureAwait(false); } await _userManager.UpdateUserPolicy(request.Id, request).ConfigureAwait(false); diff --git a/MediaBrowser.Controller/Session/ISessionManager.cs b/MediaBrowser.Controller/Session/ISessionManager.cs index fa74c5749..6659d1553 100644 --- a/MediaBrowser.Controller/Session/ISessionManager.cs +++ b/MediaBrowser.Controller/Session/ISessionManager.cs @@ -315,9 +315,8 @@ namespace MediaBrowser.Controller.Session /// <summary> /// Revokes the user tokens. /// </summary> - /// <param name="userId">The user identifier.</param> /// <returns>Task.</returns> - Task RevokeUserTokens(string userId); + Task RevokeUserTokens(string userId, string currentAccessToken); /// <summary> /// Revokes the token. diff --git a/MediaBrowser.Server.Implementations/Session/SessionManager.cs b/MediaBrowser.Server.Implementations/Session/SessionManager.cs index 4386b785a..098fe0b4d 100644 --- a/MediaBrowser.Server.Implementations/Session/SessionManager.cs +++ b/MediaBrowser.Server.Implementations/Session/SessionManager.cs @@ -1451,7 +1451,7 @@ namespace MediaBrowser.Server.Implementations.Session } } - public async Task RevokeUserTokens(string userId) + public async Task RevokeUserTokens(string userId, string currentAccessToken) { var existing = _authRepo.Get(new AuthenticationInfoQuery { @@ -1461,7 +1461,10 @@ namespace MediaBrowser.Server.Implementations.Session foreach (var info in existing.Items) { - await Logout(info.AccessToken).ConfigureAwait(false); + if (!string.Equals(currentAccessToken, info.AccessToken, StringComparison.OrdinalIgnoreCase)) + { + await Logout(info.AccessToken).ConfigureAwait(false); + } } } |