Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[5.x] Logout user from other devices when changing password #10548

Merged
merged 10 commits into from
Aug 13, 2024
Merged

[5.x] Logout user from other devices when changing password #10548

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
eece4fc
Logout user from other devices when changing password
duncanmcclean Aug 1, 2024
ce191c7
Fix styling
duncanmcclean Aug 1, 2024
ae9a6dd
Don't use the `AuthenticateSession` in tests
duncanmcclean Aug 1, 2024
983630f
Ensure the `AuthenticateSession` middleware redirects to the right place
duncanmcclean Aug 1, 2024
e93f10d
This method only exists on Laravel 11.
duncanmcclean Aug 1, 2024
868e74d
Merge branch '5.x' into logout-from-other-devices-when-updating-own-p…
jasonvarga Aug 13, 2024
90e81e4
instead of logging out other uses, re-login yourself
jasonvarga Aug 13, 2024
ec1e079
use our own middleware that specifies the redirect
jasonvarga Aug 13, 2024
ffa2fd3
this doesnt seem necessary anymore
jasonvarga Aug 13, 2024
9903729
maybe it was after all
jasonvarga Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/Http/Controllers/CP/Users/PasswordController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,10 @@

namespace Statamic\Http\Controllers\CP\Users;

use Illuminate\Auth\Events\OtherDeviceLogout;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules\Password;
use Statamic\Events\UserPasswordChanged;
use Statamic\Exceptions\NotFoundHttpException;
Expand Down Expand Up @@ -31,6 +34,10 @@ public function update(Request $request, $user)

UserPasswordChanged::dispatch($user);

if ($currentPassword = $request->current_password) {
jasonvarga marked this conversation as resolved.
Show resolved Hide resolved
Auth::logoutOtherDevices($currentPassword);
}

return response('', 204);
}
}
1 change: 1 addition & 0 deletions src/Providers/CpServiceProvider.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ protected function registerMiddlewareGroups()
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Statamic\Http\Middleware\CP\ContactOutpost::class,
\Statamic\Http\Middleware\CP\AuthGuard::class,
\Statamic\Http\Middleware\CP\AddToasts::class,
Expand Down
Loading