From 6fde72a69335c80079363b7d26aa94e7f67400e1 Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 25 Aug 2022 12:24:26 -0700 Subject: [PATCH] Log user out of other devices when they change their password Signed-off-by: snipe --- app/Http/Controllers/ProfileController.php | 7 +++++-- app/Http/Kernel.php | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 14f9ba81c0..38d4226dfa 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -4,7 +4,7 @@ namespace App\Http\Controllers; use App\Http\Requests\ImageUploadRequest; use App\Models\Setting; -use Auth; +use Illuminate\Support\Facades\Auth; use Gate; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; @@ -133,7 +133,7 @@ class ProfileController extends Controller public function password() { $user = Auth::user(); - + return view('account/change-password', compact('user')); } @@ -186,6 +186,9 @@ class ProfileController extends Controller if (! $validator->fails()) { $user->password = Hash::make($request->input('password')); $user->save(); + + // Log the user out of other devices + Auth::logoutOtherDevices($request->input('password')); return redirect()->route('account.password.index')->with('success', 'Password updated!'); } diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 10f9fd3235..36014dc7de 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -43,6 +43,7 @@ class Kernel extends HttpKernel \App\Http\Middleware\CheckForTwoFactor::class, \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, \App\Http\Middleware\AssetCountForSidebar::class, + \Illuminate\Session\Middleware\AuthenticateSession::class, ], 'api' => [