diff options
author | Corey Hulen <corey@hulen.com> | 2015-09-28 15:08:39 -0700 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2015-09-28 15:08:39 -0700 |
commit | bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e (patch) | |
tree | 219abb3edeabf5c8516d717674b9ae6017ee9d46 /api/user.go | |
parent | d70aec1f76be45e067622894856efcd962c0f5fd (diff) | |
parent | 10108bb54cc5cdc337c46fd56edd6448f82f8766 (diff) | |
download | chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.tar.gz chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.tar.bz2 chat-bef23cf1fce5be010cfbc1b5724081d8ecd8ae1e.zip |
Merge pull request #839 from mattermost/revoke-token
Properly revoke OAuth sessions when revoking all user sessions.
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/api/user.go b/api/user.go index 695ab2208..9718d534e 100644 --- a/api/user.go +++ b/api/user.go @@ -466,10 +466,14 @@ func RevokeAllSession(c *Context, userId string) { for _, session := range sessions { c.LogAuditWithUserId(userId, "session_id="+session.Id) - sessionCache.Remove(session.Token) - if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil { - c.Err = result.Err - return + if session.IsOAuth { + RevokeAccessToken(session.Token) + } else { + sessionCache.Remove(session.Token) + if result := <-Srv.Store.Session().Remove(session.Id); result.Err != nil { + c.Err = result.Err + return + } } } } |