hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Delete Tokens and Authorizations on password change

Browse source 
Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
This commit is contained in:
Haelwenn (lanodan) Monnier 2018-10-14 01:45:11 +02:00
commit eacab0fb05
No known key found for this signature in database
GPG key ID: D5B7A8E43C997DEE
5 changed files with 77 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/pleroma/user.ex
View file

@ -4,7 +4,7 @@ defmodule Pleroma.User do
import Ecto.{Changeset, Query}
alias Pleroma.{Repo, User, Object, Web, Activity, Notification}
alias Comeonin.Pbkdf2
alias Pleroma.Web.{OStatus, Websub}
alias Pleroma.Web.{OStatus, Websub, OAuth}
alias Pleroma.Web.ActivityPub.{Utils, ActivityPub}
schema "users" do
@ -132,6 +132,9 @@ defmodule Pleroma.User do
|> validate_required([:password, :password_confirmation])
|> validate_confirmation(:password)
OAuth.Token.delete_user_tokens(struct)
OAuth.Authorization.delete_user_authorizations(struct)
if changeset.valid? do
hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])