diff options
author | JoramWilander <jwawilander@gmail.com> | 2015-09-24 08:02:01 -0400 |
---|---|---|
committer | JoramWilander <jwawilander@gmail.com> | 2015-09-28 14:39:36 -0400 |
commit | 10108bb54cc5cdc337c46fd56edd6448f82f8766 (patch) | |
tree | fdf6ce6c8b1aa26a9fd271fa96ebc700398741ee | |
parent | 00b5f604c995bd3faaf339766a58cd596d2ce005 (diff) | |
download | chat-10108bb54cc5cdc337c46fd56edd6448f82f8766.tar.gz chat-10108bb54cc5cdc337c46fd56edd6448f82f8766.tar.bz2 chat-10108bb54cc5cdc337c46fd56edd6448f82f8766.zip |
Properly revoke OAuth sessions when revoking all user sessions.
-rw-r--r-- | api/user.go | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/api/user.go b/api/user.go index 695ab2208..9718d534e 100644 --- a/api/user.go +++ b/api/user.go @@ -466,10 +466,14 @@ func RevokeAllSession(c *Context, userId string) { for _, session := range sessions { c.LogAuditWithUserId(userId, "session_id="+session.Id) - sessionCache.Remove(session.Token) - if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil { - c.Err = result.Err - return + if session.IsOAuth { + RevokeAccessToken(session.Token) + } else { + sessionCache.Remove(session.Token) + if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil { + c.Err = result.Err + return + } } } } |