From 0458acc6c9a55c28eea57d64c8117922bb3857f4 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 10 Dec 2020 16:43:37 +0100
Subject: [PATCH] On password change or account deletion, disconnect all user sessions
---
 api/users.go | 30 ++++++++++++++++++++++++++++--
 storage/interface.go | 3 +++
 storage/leveldb/session.go | 17 +++++++++++++++++
 3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/api/users.go b/api/users.go
index fcb64d7..3719bed 100644
--- a/api/users.go
+++ b/api/users.go
@@ -316,13 +316,26 @@ func changePassword(opts *config.Options, req *RequestResources, body io.Reader)
 }
 }

- if err := storage.MainStore.UpdateUser(req.User); err != nil {
+ var sessions []*happydns.Session
+ var err error
+ if sessions, err = storage.MainStore.GetUserSessions(req.User); err != nil {
+ return APIErrorResponse{
+ err: err,
+ }
+ }
+
+ if err = storage.MainStore.UpdateUser(req.User); err != nil {
 return APIErrorResponse{
 err: err,
 }
 }

 log.Printf("Change password for user %s", req.User.Email)
+
+ for _, session := range sessions {
+ storage.MainStore.DeleteSession(session)
+ }
+
 return logout(opts, req.Ps, body)
 }

@@ -341,13 +354,26 @@ func deleteUser(opts *config.Options, req *RequestResources, body io.Reader) Res
 }
 }

- if err := storage.MainStore.DeleteUser(req.User); err != nil {
+ var sessions []*happydns.Session
+ var err error
+ if sessions, err = storage.MainStore.GetUserSessions(req.User); err != nil {
+ return APIErrorResponse{
+ err: err,
+ }
+ }
+
+ if err = storage.MainStore.DeleteUser(req.User); err != nil {
 return APIErrorResponse{
 err: err,
 }
 }

 log.Printf("User deleted: %s", req.User.Email)
+
+ for _, session := range sessions {
+ storage.MainStore.DeleteSession(session)
+ }
+
 return logout(opts, req.Ps, body)
 }

diff --git a/storage/interface.go b/storage/interface.go
index 91d7090..125215b 100644
--- a/storage/interface.go
+++ b/storage/interface.go
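Review bot: The loop added at the end of changePassword calls `storage.MainStore.DeleteSession(session)` and discards whatever it returns, so a session that could not be removed stays usable after the password change while the handler still reports success; the identical loop in the deleteUser hunk has the same gap. Assuming DeleteSession returns an error like the other Storage methods shown in this patch, handle it, e.g. `if err := storage.MainStore.DeleteSession(session); err != nil { log.Printf("Unable to delete session: %s", err) }`, or fail the request. The session list is also read before UpdateUser runs, so a session created between the two calls is not revoked; listing the sessions after the update narrows that window. Both function bodies begin outside their hunks.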
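Review bot: The session-revocation block added to deleteUser is a line-for-line copy of the one added to changePassword, so any later fix to error handling or ordering has to be made in two places. A small unexported helper that takes the `*happydns.User` and returns an error would keep the two handlers in step. For account deletion specifically, sessions are removed only after DeleteUser has succeeded, so a failure partway through the loop leaves session records whose owner no longer exists; whether such a record can still authenticate depends on lookup code that is not part of this diff.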
@@ -79,6 +79,9 @@ type Storage interface {
 // GetSession retrieves the Session with the given identifier.
 GetSession(id []byte) (*happydns.Session, error)

+ // GetUserSessions retrieves all Session for the given User.
+ GetUserSessions(user *happydns.User) ([]*happydns.Session, error)
+
 // CreateSession creates a record in the database for the given Session.
 CreateSession(session *happydns.Session) error

diff --git a/storage/leveldb/session.go b/storage/leveldb/session.go
index 875d341..0533e1f 100644
--- a/storage/leveldb/session.go
+++ b/storage/leveldb/session.go
@@ -51,6 +51,23 @@ func (s *LevelDBStorage) GetSession(id []byte) (session *happydns.Session, err e
 return s.getSession(fmt.Sprintf("user.session-%x", id))
 }

+func (s *LevelDBStorage) GetUserSessions(user *happydns.User) (sessions []*happydns.Session, err error) {
+ iter := s.search("user.session-")
+ defer iter.Release()
+
+ for iter.Next() {
+ var s happydns.Session
+
+ err = decodeData(iter.Value(), &s)
+ if err != nil {
+ return
+ }
+ sessions = append(sessions, &s)
+ }
+
+ return
+}
+
 func (s *LevelDBStorage) CreateSession(session *happydns.Session) error {
 key, id, err := s.findBytesKey("user.session-", 255)
 if err != nil {
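Review bot: GetUserSessions never reads its `user` argument: the loop decodes and appends every record under the `user.session-` prefix, so the new callers in api/users.go would delete the sessions of every account, not only the one changing its password or being deleted. Each decoded session should be compared with the requesting user's identifier before the append; the owner field of happydns.Session is not visible in this diff, so the exact expression needs confirming against the model. The loop variable `var s happydns.Session` also shadows the receiver `s`, and a name such as `sess` avoids that. If the iterator returned by `s.search` exposes an error accessor, check it after the loop so that a scan cut short is not reported as success.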