Logout existing sessions after an auth config change #21304
@Func86
I think the current state of the PR is the wrong approach.
You should invoke `logoutAllSessions()` in `if (hasKey(u"web_ui_username"_s))` and `if (hasKey(u"web_ui_password"_s))` in appcontroller.cpp. And in `if (const QString username = webUIUsername(); isValidWebUIUsername(username))` & `if (const QString password = webUIPassword(); isValidWebUIPassword(password))` in optionsdialog.cpp.
And you should not bother to check the previous value, just invoke `logoutAllSessions()` within the `if` block.

UPDATE, disregard the above. It should be done in `WebUI::configure()` instead. This is where the server updates the configuration.

The same as currently. WebUI will have to store the previous username/password values to detect that they have changed.

I think the following should work:

It could do the job.
It also mentions some other settings besides the username and password, changing which should lead to the termination of sessions. How about it?
Done.
src/base/preferences.cpp
Outdated
if (m_credentialsChanged) | ||
emit webCredentialsChanged(); |
if (m_credentialsChanged) | |
emit webCredentialsChanged(); | |
if (m_credentialsChanged) | |
{ | |
emit webCredentialsChanged(); | |
m_credentialsChanged = false; | |
} |
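Review bot: in the suggested block the flag is cleared only after `emit webCredentialsChanged();`, so if a directly connected slot leads back into this code while the signal is being delivered, `m_credentialsChanged` is still true and the signal is emitted a second time. Setting `m_credentialsChanged = false;` before the emit avoids that and changes nothing else.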
Do you still need the changes in isessionmanager.h after applying the above suggestions?
> Do you still need the changes in isessionmanager.h after applying the above suggestions?

What? The change in `isessionmanager.h` is for terminating sessions which bypassed authentication when the bypass is disabled or changed to possibly stricter than before.
> The change in isessionmanager.h is for terminating sessions which bypassed authentication when the bypass is disabled or changed to possibly stricter than before.

Why not just remove all sessions unconditionally when the option changed?
I think it would be surprising for users with authenticated sessions to find they are logged out after changing these options.
By the way, we may want to disallow unauthenticated sessions to change the username/password.
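
The two policies weighed in this thread, as an added example that is not code from this PR or from qBittorrent: the store keeps the previous auth settings, ends every session when the credentials change, and ends only sessions that never authenticated when the bypass settings change. `AuthConfig`, `SessionStore` and all field names are hypothetical stand-ins in plain C++17 without Qt.

```cpp
// Added example: hypothetical stand-ins, not qBittorrent's classes or settings.
#include <cstddef>
#include <cstdio>
#include <string>
#include <unordered_map>

struct AuthConfig {               // assumed shape of the auth-related settings
    std::string username;
    std::string passwordHash;
    bool bypassEnabled;           // some clients may skip authentication
    std::string bypassWhitelist;  // which clients may skip it
};

class SessionStore {
public:
    explicit SessionStore(const AuthConfig &cfg) : m_cfg(cfg) {}

    // authenticated == false marks a session created through the bypass.
    void add(const std::string &id, bool authenticated) { m_sessions[id] = authenticated; }
    bool has(const std::string &id) const { return m_sessions.count(id) != 0; }
    std::size_t size() const { return m_sessions.size(); }

    // Apply a new configuration, compare it with the stored previous one,
    // and return how many sessions were terminated.
    std::size_t configure(const AuthConfig &next) {
        const bool credsChanged = (next.username != m_cfg.username)
                               || (next.passwordHash != m_cfg.passwordHash);
        const bool bypassChanged = (next.bypassEnabled != m_cfg.bypassEnabled)
                                || (next.bypassWhitelist != m_cfg.bypassWhitelist);
        m_cfg = next;  // remember the values for the next comparison
        std::size_t removed = 0;
        for (auto it = m_sessions.begin(); it != m_sessions.end();) {
            // New credentials end every session; a bypass change (treated as
            // possibly stricter) ends only sessions that never authenticated.
            const bool drop = credsChanged || (bypassChanged && !it->second);
            if (drop) { it = m_sessions.erase(it); ++removed; }
            else ++it;
        }
        return removed;
    }

private:
    AuthConfig m_cfg;
    std::unordered_map<std::string, bool> m_sessions;
};

int main() {  // constructed sample data
    SessionStore store(AuthConfig{"admin", "hash-1", true, "10.0.0.0/8"});
    store.add("browser", true);
    store.add("lan-script", false);
    std::printf("%zu\n", store.configure(AuthConfig{"admin", "hash-1", false, ""}));
}
```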
Closes #18443.