Merge pull request #4021 from lchaglla/preserveAccessTokens

Add a flag to preserve access tokens on email/password change
2018-10-08 09:46:44 +02:00 · 2018-10-08 09:46:44 +02:00 · 97a55bf67a
parent 0bb7cd67ec 2b7b0e1cc1
commit 97a55bf67a
2 changed files with 13 additions and 0 deletions
--- a/common/models/user.js
+++ b/common/models/user.js
@ -1385,6 +1385,8 @@ module.exports = function(User) {

    if (!newEmail && !newPassword) return next();

+    if (ctx.options.preserveAccessTokens) return next();
+
    var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) {
      return (newEmail && u.email !== newEmail) ||
        (newPassword && u.password !== newPassword);
--- a/test/user.test.js
+++ b/test/user.test.js
@ -2755,6 +2755,17 @@ describe('User', function() {
      ], done);
    });

+    it('keeps sessions sessions when preserveAccessTokens is passed in options', function(done) {
+      user.updateAttributes(
+        {email: 'invalidateAccessTokens@example.com'},
+        {preserveAccessTokens: true},
+        function(err, userInstance) {
+          if (err) return done(err);
+          assertPreservedTokens(done);
+        }
+      );
+    });
+
    it('preserves other users\' sessions if their email is  untouched', function(done) {
      var user1, user2, user3;
      async.series([