diff options
| author | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2018-10-14 01:45:11 +0200 |
|---|---|---|
| committer | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2018-10-14 02:14:54 +0200 |
| commit | eacab0fb056ffc018b7e0abea27db7af435dc553 (patch) | |
| tree | 5654d6c9657fd92cd05bdfee3e20d5898da982f2 /lib | |
| parent | 117e005409c75c2d53df88fa19211823bdf3d61e (diff) | |
| download | pleroma-eacab0fb056ffc018b7e0abea27db7af435dc553.tar.gz | |
Delete Tokens and Authorizations on password change
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/user.ex | 5 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth/authorization.ex | 10 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth/token.ex | 10 |
3 files changed, 23 insertions, 2 deletions
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index db6f96daa..e97224731 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -4,7 +4,7 @@ defmodule Pleroma.User do import Ecto.{Changeset, Query} alias Pleroma.{Repo, User, Object, Web, Activity, Notification} alias Comeonin.Pbkdf2 - alias Pleroma.Web.{OStatus, Websub} + alias Pleroma.Web.{OStatus, Websub, OAuth} alias Pleroma.Web.ActivityPub.{Utils, ActivityPub} schema "users" do @@ -132,6 +132,9 @@ defmodule Pleroma.User do |> validate_required([:password, :password_confirmation]) |> validate_confirmation(:password) + OAuth.Token.delete_user_tokens(struct) + OAuth.Authorization.delete_user_authorizations(struct) + if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) diff --git a/lib/pleroma/web/oauth/authorization.ex b/lib/pleroma/web/oauth/authorization.ex index 23e8eb7b1..2cad4550a 100644 --- a/lib/pleroma/web/oauth/authorization.ex +++ b/lib/pleroma/web/oauth/authorization.ex @@ -4,7 +4,7 @@ defmodule Pleroma.Web.OAuth.Authorization do alias Pleroma.{User, Repo} alias Pleroma.Web.OAuth.{Authorization, App} - import Ecto.{Changeset} + import Ecto.{Changeset, Query} schema "oauth_authorizations" do field(:token, :string) @@ -45,4 +45,12 @@ defmodule Pleroma.Web.OAuth.Authorization do end def use_token(%Authorization{used: true}), do: {:error, "already used"} + + def delete_user_authorizations(%User{id: user_id}) do + from( + a in Pleroma.Web.OAuth.Authorization, + where: a.user_id == ^user_id + ) + |> Repo.delete_all() + end end diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index 343fc0c45..a77d5af35 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -1,6 +1,8 @@ defmodule Pleroma.Web.OAuth.Token do use Ecto.Schema + import Ecto.Query + alias Pleroma.{User, Repo} alias Pleroma.Web.OAuth.{Token, App, Authorization} @@ -35,4 +37,12 @@ defmodule Pleroma.Web.OAuth.Token do Repo.insert(token) end + + def delete_user_tokens(%User{id: user_id}) do + from( + t in Pleroma.Web.OAuth.Token, + where: t.user_id == ^user_id + ) + |> Repo.delete_all() + end end |