Skip to content

RESTWS-844: Expire user sessions authenticated with old password. #486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

RESTWS-844: Expire user sessions authenticated with old password. #486

wants to merge 1 commit into from

Conversation

@petmongrels
Copy link

@petmongrels petmongrels commented Jun 23, 2021
edited by mks-d
Loading

Ticket

https://issues.openmrs.org/browse/RESTWS-844

What I have done:

When a user's password is changed by the administrator or by the user oneself, then all the other active HTTP sessions are invalidated. This is to protect against scenario where the user thinks that his/her password may have been compromised.

@HerbertYiga
Copy link
Contributor

thanks @petmongrels you can first fix the conflicting files for this

@mks-d mks-d changed the title Expire sessions for a user which were logged in via the old password Expire user sessions authenticated via the old password. Jul 28, 2021
@mks-d mks-d changed the title Expire user sessions authenticated via the old password. Expire user sessions authenticated with old password. Jul 28, 2021
@mks-d mks-d changed the title Expire user sessions authenticated with old password. RESTWS-844: Expire user sessions authenticated with old password. Jul 28, 2021
@mks-d mks-d requested a review from dkayiwa July 28, 2021 14:31
mks-d
mks-d requested changes Jul 28, 2021
View reviewed changes
Copy link
Member

@mks-d mks-d left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@petmongrels thanks so much for this. I skimmed through it quickly and it all makes sense at first sight. However as @HerbertYiga pointed out, this is coming with merge conflicts, I suggest that you clear them out before @dkayiwa can go into a deeper review.

@jnsereko jnsereko mentioned this pull request Aug 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mks-d mks-d mks-d requested changes

@dkayiwa dkayiwa Awaiting requested review from dkayiwa

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@petmongrels @HerbertYiga @mks-d