Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix password creation validation - validation does not fail after pas… #1332

Closed
wants to merge 1 commit into from
Closed

Fix password creation validation - validation does not fail after pas… #1332

wants to merge 1 commit into from

Conversation

colinmollenhour
Copy link
Member

…sword is changed.

Description (*)

Adds session validation information so that when the user changes their password all other sessions for their account become invalidated.

Fixed Issues (if relevant)

Unreported. Credit goes to Sakshi Patil for reporting via openmage.org email

Manual testing scenarios (*)

  1. Login with two sessions simultaneously (e.g. two different browsers)
  2. Change password on session 1

Before:

  • Session 2 is not logged out

After:

  • Session 2 is logged out

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All automated tests passed successfully (all builds are green)

@colinmollenhour colinmollenhour marked this pull request as draft December 8, 2020 17:17
@github-actions github-actions bot added Component: Core Relates to Mage_Core Component: Customer Relates to Mage_Customer labels Dec 8, 2020
@fballiano
Copy link
Contributor

this is pretty important but not has conflicts with #546

@colinmollenhour colinmollenhour force-pushed the invalidate-session-after-password-update branch from 4fc9faf to 54f7f20 Compare April 4, 2023 19:15
@colinmollenhour colinmollenhour changed the base branch from 1.9.4.x to main April 4, 2023 19:15
@github-actions github-actions bot added Component: AdminNotification Relates to Mage_AdminNotification Component: Adminhtml Relates to Mage_Adminhtml Component: Admin Relates to Mage_Admin Component: Api PageRelates to Mage_Api Component: Api2 Relates to Mage_Api2 Component: Cm/RedisSession Relates to Cm_RedisSession ddev documentation environment htaccess Mage.php Relates to app/Mage.php php-cs-fixer phpcs phpstan PHPStorm phpunit and removed Component: Customer Relates to Mage_Customer Component: Core Relates to Mage_Core labels Apr 4, 2023
@colinmollenhour
Copy link
Member Author

Conflicts fixed and rebased onto main

@colinmollenhour colinmollenhour added the Rebased: RFC-0002 This PR has been rebased onto either 'main' or 'next' according to RFC-0002 label Apr 4, 2023
@colinmollenhour colinmollenhour marked this pull request as ready for review April 4, 2023 19:19
@kiatng
Copy link
Contributor

kiatng commented Apr 16, 2023

Fixed in PR #2916

@kiatng kiatng closed this Apr 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Component: Admin Relates to Mage_Admin Component: Adminhtml Relates to Mage_Adminhtml Component: AdminNotification Relates to Mage_AdminNotification Component: Api PageRelates to Mage_Api Component: Api2 Relates to Mage_Api2 Component: Cm/RedisSession Relates to Cm_RedisSession ddev documentation environment htaccess Mage.php Relates to app/Mage.php php-cs-fixer phpcs phpstan PHPStorm phpunit Rebased: RFC-0002 This PR has been rebased onto either 'main' or 'next' according to RFC-0002
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@colinmollenhour @fballiano @kiatng