🐛 Fix session invalidation issue on password change.

2025-02-10 00:58:26 -05:00 · 2022-01-14 13:44:33 +01:00 · 2022-01-14 13:44:33 +01:00 · 03c91664cb
commit 03c91664cb
parent 13773d829a
3 changed files with 9 additions and 8 deletions
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@ -72,7 +72,7 @@
      (do
        (a/>!! (::events-ch cfg) id)
        (l/set-context! {:profile-id profile-id})
-        (handler (assoc request :profile-id profile-id)))
+        (handler (assoc request :profile-id profile-id :session-id id)))
      (handler request))))

 ;; --- STATE INIT: SESSION
--- a/backend/src/app/rpc/mutations/profile.clj
+++ b/backend/src/app/rpc/mutations/profile.clj
@ -385,6 +385,12 @@
      (invalidate-profile-session! conn (:id profile) session-id)
      nil)))

+(defn- invalidate-profile-session!
+  "Removes all sessions except the current one."
+  [conn profile-id session-id]
+  (let [sql "delete from http_session where profile_id = ? and id != ?"]
+    (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
+
 (defn- validate-password!
  [conn {:keys [profile-id old-password] :as params}]
  (let [profile (db/get-by-id conn :profile profile-id)]
@ -399,12 +405,6 @@
              {:password (derive-password password)}
              {:id id}))

-(defn- invalidate-profile-session!
-  "Removes all sessions except the current one."
-  [conn profile-id session-id]
-  (let [sql "delete from http_session where profile_id = ? and id != ?"]
-    (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
-
 ;; --- MUTATION: Update Photo

 (declare update-profile-photo)
--- a/frontend/src/app/main/ui/settings/password.cljs
+++ b/frontend/src/app/main/ui/settings/password.cljs
@ -27,7 +27,8 @@
      (st/emit! (dm/error msg)))))

 (defn- on-success
-  [_]
+  [form]
+  (reset! form nil)
  (let [msg (tr "dashboard.notifications.password-saved")]
    (st/emit! (dm/success msg))))