Merge pull request #4021 from lchaglla/preserveAccessTokens

Add a flag to preserve access tokens on email/password change
This commit is contained in:
Miroslav Bajtoš 2018-10-08 09:46:44 +02:00 committed by GitHub
commit 97a55bf67a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 0 deletions

View File

@ -1385,6 +1385,8 @@ module.exports = function(User) {
if (!newEmail && !newPassword) return next(); if (!newEmail && !newPassword) return next();
if (ctx.options.preserveAccessTokens) return next();
var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) { var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) {
return (newEmail && u.email !== newEmail) || return (newEmail && u.email !== newEmail) ||
(newPassword && u.password !== newPassword); (newPassword && u.password !== newPassword);

View File

@ -2755,6 +2755,17 @@ describe('User', function() {
], done); ], done);
}); });
it('keeps sessions sessions when preserveAccessTokens is passed in options', function(done) {
user.updateAttributes(
{email: 'invalidateAccessTokens@example.com'},
{preserveAccessTokens: true},
function(err, userInstance) {
if (err) return done(err);
assertPreservedTokens(done);
}
);
});
it('preserves other users\' sessions if their email is untouched', function(done) { it('preserves other users\' sessions if their email is untouched', function(done) {
var user1, user2, user3; var user1, user2, user3;
async.series([ async.series([