Delete old devices when deauthorizing user sessions

pull/404/head
Daniel García 6 years ago
parent 93805a5d7b
commit 6027b969f5
No known key found for this signature in database
GPG Key ID: FC8A7D14C3CD543A

@ -171,6 +171,7 @@ fn deauth_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
None => err!("User doesn't exist"), None => err!("User doesn't exist"),
}; };
Device::delete_all_by_user(&user.uuid, &conn)?;
user.reset_security_stamp(); user.reset_security_stamp();
user.save(&conn) user.save(&conn)

@ -322,6 +322,7 @@ fn post_sstamp(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -
err!("Invalid password") err!("Invalid password")
} }
Device::delete_all_by_user(&user.uuid, &conn)?;
user.reset_security_stamp(); user.reset_security_stamp();
user.save(&conn) user.save(&conn)
} }

Loading…
Cancel
Save