Skip to content

Commit

Permalink
Logout existing sessions after a username or password change
Browse files Browse the repository at this point in the history
  • Loading branch information
Func86 committed Sep 16, 2024
1 parent 4555a46 commit 24c7227
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
12 changes: 12 additions & 0 deletions src/webui/webapplication.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -299,13 +299,25 @@ const Http::Environment &WebApplication::env() const
return m_env;
}

void WebApplication::logoutAllSessions()
{
qDeleteAll(m_sessions);
m_sessions.clear();
}

void WebApplication::setUsername(const QString &username)
{
if (!m_username.isEmpty() && (m_username != username))
logoutAllSessions();
m_username = username;
m_authController->setUsername(username);
}

void WebApplication::setPasswordHash(const QByteArray &passwordHash)
{
if (!m_passwordHash.isEmpty() && (m_passwordHash != passwordHash))
logoutAllSessions();
m_passwordHash = passwordHash;
m_authController->setPasswordHash(passwordHash);
}

Expand Down
3 changes: 3 additions & 0 deletions src/webui/webapplication.h
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,7 @@ class WebApplication final : public ApplicationComponent<QObject>
// Session management
QString generateSid() const;
void sessionInitialize();
void logoutAllSessions();
bool isAuthNeeded();
bool isPublicAPI(const QString &scope, const QString &action) const;

Expand All @@ -137,6 +138,8 @@ class WebApplication final : public ApplicationComponent<QObject>

// Persistent data
QHash<QString, WebSession *> m_sessions;
QString m_username;
QByteArray m_passwordHash;

// Current data
WebSession *m_currentSession = nullptr;
Expand Down

0 comments on commit 24c7227

Please sign in to comment.