From: David Lawrence Date: Fri, 6 Sep 2019 15:39:40 +0000 (-0400) Subject: Bug 1578805 - When changing password or enabling 2fa, previous sessions should be... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b582a69858772c950b67957051fd50d095c4e21f;p=thirdparty%2Fbugzilla.git Bug 1578805 - When changing password or enabling 2fa, previous sessions should be revoked in Bugzila --- diff --git a/template/en/default/account/prefs/account.html.tmpl b/template/en/default/account/prefs/account.html.tmpl index 64501eef6..db8633751 100644 --- a/template/en/default/account/prefs/account.html.tmpl +++ b/template/en/default/account/prefs/account.html.tmpl @@ -76,6 +76,13 @@ [% Param('passwdqc_desc') FILTER html_light %] + +   + + Warning: Changing your password will automatically log out + other login sessions except for the current one. + + New password: diff --git a/template/en/default/account/prefs/mfa.html.tmpl b/template/en/default/account/prefs/mfa.html.tmpl index 8185a91bb..66702ae4d 100644 --- a/template/en/default/account/prefs/mfa.html.tmpl +++ b/template/en/default/account/prefs/mfa.html.tmpl @@ -277,6 +277,12 @@ Require API key authentication for API requests preference after 2FA is enabled.

+ +

+ Warning: Changing your Two-factor authentication settings will + automatically log out other login sessions except for the current one. +

+ diff --git a/userprefs.cgi b/userprefs.cgi index fdd921536..e2127fe43 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -742,6 +742,11 @@ sub SaveMFAupdate { $user->update({keep_session => 1, keep_tokens => 1}); } + + # Invalidate all logins except for the current one + if ($action eq 'enable' || $action eq 'disable') { + Bugzilla->logout(LOGOUT_KEEP_CURRENT); + } } sub SaveMFAcallback {
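Review bot: The warning added to template/en/default/account/prefs/account.html.tmpl promises that a password change logs out other sessions, but no hunk in this patch touches the password-save path; the only code change is in SaveMFAupdate. Please confirm that the password path already calls Bugzilla->logout(LOGOUT_KEEP_CURRENT), or add that call in this patch, so the template does not describe behaviour the code lacks.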
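Review bot: The warning added to template/en/default/account/prefs/mfa.html.tmpl says that changing two-factor "settings" logs out other sessions, while the userprefs.cgi hunk revokes only when $action is 'enable' or 'disable'. Suggest wording the warning as enabling or disabling two-factor authentication, or widening the condition if other MFA actions should revoke sessions as well. "Two-factor" is also capitalised mid-sentence.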
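Review bot: In SaveMFAupdate the new logout block sits after the closing brace of the branch that calls $user->update({keep_session => 1, keep_tokens => 1}), so it runs whether or not that branch was taken. If revocation should follow only a successful settings change, move the call next to the update; otherwise extend the comment to say why it is unconditional on that branch. Since the update passes keep_tokens => 1, the comment should also state whether outstanding tokens are meant to survive along with the current session.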