Invalidate all user sessions when destroying the account#7506
Merged
This needs to be backported to 0.23 and 0.24
mrcasals added a commit that referenced this pull request Mar 2, 2021
* Invalidate all user sessions when destroying the account
* Add migration to automatically invalidate all sessions for deleted users
* Lint code
mrcasals added a commit that referenced this pull request Mar 2, 2021
* Invalidate all user sessions when destroying the account
* Add migration to automatically invalidate all sessions for deleted users
* Lint code
mrcasals added a commit that referenced this pull request Mar 2, 2021
mrcasals added a commit that referenced this pull request Mar 3, 2021
entantoencuanto added a commit that referenced this pull request Mar 4, 2021
* develop:
  Update the workflow cleanup action to the latest version (#7535)
  Don't schedule CI jobs for locales PRs (#7534)
  Fix record encryptor trying to decrypt or decode non-String values (#7536)
  Add Votings landing page to the design app (#7527)
  New Crowdin updates (#7530)
  Fix non-unique IDs element in filter hash cash (#7531)
  New Crowdin updates (#7485)
  Add statistics cell to votings landing page and reuse it in other places (#7413)
  Add Votings landing page layout (#7440)
  Add share modal to budgets (#7519)
  Do not change the global test app configs during specs (#7525)
  Change the order of attachments in budgets (#7524)
  Remove console warnings from the conversations views (#7523)
  Don't allow filtering meetings by user group if setting is disabled (#7514)
  Remove duplicated migration (#7517)
  New Admin users cannot accept Terms and conditions (#7516)
  Let installations delay TranslatorJob initialization (#7507)
  Exit on CI workflow dispatch failures (#7502)
  Invalidate all user sessions when destroying the account (#7506)
  Audit vote (#7442)
🎩 What? Why?
If you have multiple sessions open (in multiple browsers), and from one of them you delete the account, you're still logged into the other sessions. This causes users to be able to participate, but their name will always appear as "Deleted user". This has been reported in Decidim Barcelona.
This PR invalidates the other sessions after destroying the account.
📌 Related Issues
Builds on top of #5553.
Testing
Ensure CI is green.
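The behaviour described above, as an added example that is not the PR's code or Decidim's model: each session is bound to a per-user token that is rotated when the account is destroyed, so sessions held by other browsers stop resolving. `User`, `SessionGuard`, `session_token` and the method names are hypothetical, and the example assumes that destroying an account anonymises the row rather than removing it, as the "Deleted user" name suggests.

```ruby
require "securerandom"

# Hypothetical user record (not Decidim's model). Assumption: destroying an
# account keeps the row and anonymises it, as the "Deleted user" name implies.
class User
  attr_reader :id, :name, :session_token

  def initialize(id, name)
    @id = id
    @name = name
    @session_token = SecureRandom.hex(16)
  end

  # Rotating the token makes every session issued before this call stale.
  def invalidate_all_sessions!
    @session_token = SecureRandom.hex(16)
  end

  def destroy_account!
    @name = "Deleted user"
    invalidate_all_sessions!
  end
end

# Constructed stand-in for the per-request authentication step.
class SessionGuard
  def initialize(users)
    @users = users # id => User
  end

  # Value kept in one browser's session at sign-in.
  def sign_in(user)
    { user_id: user.id, token: user.session_token }
  end

  # Simplified model of the reported behaviour: the session resolves as long
  # as the row exists, so other browsers stay logged in after deletion.
  def authenticate_by_id_only(session)
    @users[session[:user_id]]
  end

  # Token-bound check: the session must carry the user's current token.
  def authenticate(session)
    user = @users[session[:user_id]]
    return nil if user.nil?
    same_token?(session[:token].to_s, user.session_token) ? user : nil
  end

  def same_token?(a, b) # compares every byte, no early exit on mismatch
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end
```
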