bgme/mastodon
1
0
Fork 0
mirror of https://github.com/yingziwu/mastodon.git synced 2026-02-25 11:42:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Merge commit from fork

Browse source 
* Ensure tootctl revokes sessions, access tokens and web push subscriptions

* Fix test coverage
This commit is contained in:
Emelia Smith 2025-10-13 14:20:23 +02:00 committed by GitHub
parent 8d09e4ef23
commit 24dcb18013
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 25 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
app/models/user.rb
View file

@ -361,17 +361,22 @@ class User < ApplicationRecord
end
def reset_password!
# First, change password to something random, this revokes sessions and on-going access:
change_password!(SecureRandom.hex)
# Finally, send a reset password prompt to the user
send_reset_password_instructions
end
def change_password!(new_password)
# First, change password to something random and deactivate all sessions
transaction do
update(password: SecureRandom.hex)
update(password: new_password)
session_activations.destroy_all
end
# Then, remove all authorized applications and connected push subscriptions
revoke_access!
# Finally, send a reset password prompt to the user
send_reset_password_instructions
end
protected