Merge pull request #4450 from JediKev/sessions/clear-sessions-on-reset

sessions: Clear On Password Set/Reset

Merge pull request #4450 from JediKev/sessions/clear-sessions-on-reset
sessions: Clear On Password Set/Reset
23b8995b · Peter Rotich · GitHub · 7c19892a · 1aaab76f · 23b8995b
Unverified Commit 23b8995b authored 6 years ago by Peter Rotich Committed by GitHub 6 years ago
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -1313,7 +1313,35 @@ abstract class PasswordPolicy {
    static function register($policy) {
        static::$registry[] = $policy;
    }
+    static function cleanSessions($model, $user=null) {
+        $criteria = array();
+        switch (true) {
+            case ($model instanceof Staff):
+                $criteria['user_id'] = $model->getId();
+                if ($user && ($model->getId() == $user->getId()))
+                    array_push($criteria,
+                        Q::not(array('session_id' => $user->session->session_id)));
+                break;
+            case ($model instanceof User):
+                $regexp = '_auth\|.*"user";[a-z]+:[0-9]+:{[a-z]+:[0-9]+:"id";[a-z]+:'.$model->getId();
+                $criteria['user_id'] = 0;
+                $criteria['session_data__regex'] = $regexp;
+                if ($user)
+                    array_push($criteria,
+                        Q::not(array('session_id' => $user->session->session_id)));
+                break;
+            default:
+                return false;
+        }
+        return SessionData::objects()->filter($criteria)->delete();
+    }
 }
+Signal::connect('auth.clean', array('PasswordPolicy', 'cleanSessions'));
 class osTicketPasswordPolicy
 extends PasswordPolicy {

--- a/include/class.client.php
+++ b/include/class.client.php
@@ -396,7 +396,7 @@ class ClientAccount extends UserAccount {
        global $cfg;
        // FIXME: Updates by agents should go through UserAccount::update()
-        global $thisstaff;
+        global $thisstaff, $thisclient;
        if ($thisstaff)
            return parent::update($vars, $errors);
@@ -454,6 +454,8 @@ class ClientAccount extends UserAccount {
            Signal::send('auth.pwchange', $this->getUser(), $info);
            $this->cancelResetTokens();
            $this->clearStatus(UserAccountStatus::REQUIRE_PASSWD_RESET);
+            // Clean sessions
+            Signal::send('auth.clean', $this->getUser(), $thisclient);
        }
        return $this->save();

--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -217,6 +217,8 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
    }
    function setPassword($new, $current=false) {
+        global $thisstaff;
        // Allow the backend to update the password. This is the preferred
        // method as it allows for integration with password policies and
        // also allows for remotely updating the password where possible and
@@ -241,6 +243,9 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
        $this->cancelResetTokens();
        $this->passwdreset = SqlFunction::NOW();
+        // Clean sessions
+        Signal::send('auth.clean', $this, $thisstaff);
        return $rv;
    }

--- a/include/class.user.php
+++ b/include/class.user.php
@@ -1033,6 +1033,8 @@ class UserAccount extends VerySimpleModel {
    function setPassword($new) {
        $this->set('passwd', Passwd::hash($new));
+        // Clean sessions
+        Signal::send('auth.clean', $this->getUser());
    }
    protected function sendUnlockEmail($template) {