Merge branch 'security/clear-oauth-with-password' into 'develop'

Delete Tokens and Authorizations on password change Closes #320 See merge request pleroma/pleroma!375
author: kaniini <nenolod@gmail.com> 2018-10-14 19:29:58 +0000
committer: kaniini <nenolod@gmail.com> 2018-10-14 19:29:58 +0000
commit: e0c035589a570d1be7bf0f2f9ab3d78b2ed79462 (patch)
tree: 5654d6c9657fd92cd05bdfee3e20d5898da982f2 /lib/pleroma/web/oauth/token.ex
parent: 117e005409c75c2d53df88fa19211823bdf3d61e (diff)
parent: eacab0fb056ffc018b7e0abea27db7af435dc553 (diff)
download: pleroma-e0c035589a570d1be7bf0f2f9ab3d78b2ed79462.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex
index 343fc0c45..a77d5af35 100644
--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@@ -1,6 +1,8 @@
 defmodule Pleroma.Web.OAuth.Token do
   use Ecto.Schema
 
+  import Ecto.Query
+
   alias Pleroma.{User, Repo}
   alias Pleroma.Web.OAuth.{Token, App, Authorization}
 
@@ -35,4 +37,12 @@ defmodule Pleroma.Web.OAuth.Token do
 
     Repo.insert(token)
   end
+
+  def delete_user_tokens(%User{id: user_id}) do
+    from(
+      t in Pleroma.Web.OAuth.Token,
+      where: t.user_id == ^user_id
+    )
+    |> Repo.delete_all()
+  end
 end
author	kaniini <nenolod@gmail.com>	2018-10-14 19:29:58 +0000
committer	kaniini <nenolod@gmail.com>	2018-10-14 19:29:58 +0000
commit	e0c035589a570d1be7bf0f2f9ab3d78b2ed79462 (patch)
tree	5654d6c9657fd92cd05bdfee3e20d5898da982f2 /lib/pleroma/web/oauth/token.ex
parent	117e005409c75c2d53df88fa19211823bdf3d61e (diff)
parent	eacab0fb056ffc018b7e0abea27db7af435dc553 (diff)
download	pleroma-e0c035589a570d1be7bf0f2f9ab3d78b2ed79462.tar.gz