From 6027b969f542b29365875fa78dbf77765b12d290 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Sat, 16 Feb 2019 23:06:26 +0100 Subject: [PATCH] Delete old devices when deauthorizing user sessions --- src/api/admin.rs | 1 + src/api/core/accounts.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/src/api/admin.rs b/src/api/admin.rs index 37b03c17..68a01387 100644 --- a/src/api/admin.rs +++ b/src/api/admin.rs @@ -171,6 +171,7 @@ fn deauth_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult { None => err!("User doesn't exist"), }; + Device::delete_all_by_user(&user.uuid, &conn)?; user.reset_security_stamp(); user.save(&conn) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index beeb74b7..bc2d2868 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -322,6 +322,7 @@ fn post_sstamp(data: JsonUpcase, headers: Headers, conn: DbConn) - err!("Invalid password") } + Device::delete_all_by_user(&user.uuid, &conn)?; user.reset_security_stamp(); user.save(&conn) }