Merge pull request #839 from mattermost/revoke-token

Properly revoke OAuth sessions when revoking all user sessions.
author: Corey Hulen <corey@hulen.com> 2015-09-28 15:08:39 -0700
committer: Corey Hulen <corey@hulen.com> 2015-09-28 15:08:39 -0700
commit: bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e (patch)
tree: 219abb3edeabf5c8516d717674b9ae6017ee9d46
parent: d70aec1f76be45e067622894856efcd962c0f5fd (diff)
parent: 10108bb54cc5cdc337c46fd56edd6448f82f8766 (diff)
download: chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.tar.gz
chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.tar.bz2
chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/api/user.go b/api/user.go
index 695ab2208..9718d534e 100644
--- a/api/user.go
+++ b/api/user.go
@@ -466,10 +466,14 @@ func RevokeAllSession(c *Context, userId string) {
 
 		for _, session := range sessions {
 			c.LogAuditWithUserId(userId, "session_id="+session.Id)
-			sessionCache.Remove(session.Token)
-			if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil {
-				c.Err = result.Err
-				return
+			if session.IsOAuth {
+				RevokeAccessToken(session.Token)
+			} else {
+				sessionCache.Remove(session.Token)
+				if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil {
+					c.Err = result.Err
+					return
+				}
 			}
 		}
 	}
author	Corey Hulen <corey@hulen.com>	2015-09-28 15:08:39 -0700
committer	Corey Hulen <corey@hulen.com>	2015-09-28 15:08:39 -0700
commit	bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e (patch)
tree	219abb3edeabf5c8516d717674b9ae6017ee9d46
parent	d70aec1f76be45e067622894856efcd962c0f5fd (diff)
parent	10108bb54cc5cdc337c46fd56edd6448f82f8766 (diff)
download	chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.tar.gz chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.tar.bz2 chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.zip