DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-02 08:21:09 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #11735 from snipe/security/logout_other_devices

Browse source 
Fixed: Log user out of other devices when they change their password
This commit is contained in:
snipe 2022-08-25 12:26:13 -07:00 committed by GitHub
parent c9ef49ec65 6fde72a693
commit 968f8fb554
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/Http/Controllers/ProfileController.php
View file

@ -4,7 +4,7 @@ namespace App\Http\Controllers;
use App\Http\Requests\ImageUploadRequest; use App\Http\Requests\ImageUploadRequest;
use App\Models\Setting; use App\Models\Setting;
use Auth; use Illuminate\Support\Facades\Auth;
use Gate; use Gate;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
@ -133,7 +133,7 @@ class ProfileController extends Controller
public function password() public function password()
{ {
$user = Auth::user(); $user = Auth::user();
return view('account/change-password', compact('user')); return view('account/change-password', compact('user'));
} }
@ -186,6 +186,9 @@ class ProfileController extends Controller
if (! $validator->fails()) { if (! $validator->fails()) {
$user->password = Hash::make($request->input('password')); $user->password = Hash::make($request->input('password'));
$user->save(); $user->save();
// Log the user out of other devices
Auth::logoutOtherDevices($request->input('password'));
return redirect()->route('account.password.index')->with('success', 'Password updated!'); return redirect()->route('account.password.index')->with('success', 'Password updated!');
} }

1
app/Http/Kernel.php
View file

@ -43,6 +43,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\CheckForTwoFactor::class, \App\Http\Middleware\CheckForTwoFactor::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
\App\Http\Middleware\AssetCountForSidebar::class, \App\Http\Middleware\AssetCountForSidebar::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
], ],
'api' => [ 'api' => [