feat(user): implement session deletion on password reset
This commit is contained in:
Andras Bacsai
@@ -24,5 +24,6 @@ class ResetUserPassword implements ResetsUserPasswords
|
|||||||
$user->forceFill([
|
$user->forceFill([
|
||||||
'password' => Hash::make($input['password']),
|
'password' => Hash::make($input['password']),
|
||||||
])->save();
|
])->save();
|
||||||
|
$user->deleteAllSessions();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -39,7 +39,8 @@ class RootResetPassword extends Command
|
|||||||
}
|
}
|
||||||
$this->info('Updating root password...');
|
$this->info('Updating root password...');
|
||||||
try {
|
try {
|
||||||
User::find(0)->update(['password' => Hash::make($password)]);
|
$user = User::find(0);
|
||||||
|
$user->update(['password' => Hash::make($password)]);
|
||||||
$this->info('Root password updated successfully.');
|
$this->info('Root password updated successfully.');
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$this->error('Failed to update root password.');
|
$this->error('Failed to update root password.');
|
||||||
|
|||||||
@@ -70,6 +70,7 @@ class Index extends Component
|
|||||||
$this->current_password = '';
|
$this->current_password = '';
|
||||||
$this->new_password = '';
|
$this->new_password = '';
|
||||||
$this->new_password_confirmation = '';
|
$this->new_password_confirmation = '';
|
||||||
|
$this->dispatch('reloadWindow');
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
return handleError($e, $this);
|
return handleError($e, $this);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ namespace App\Models;
|
|||||||
|
|
||||||
use App\Notifications\Channels\SendsEmail;
|
use App\Notifications\Channels\SendsEmail;
|
||||||
use App\Notifications\TransactionalEmails\ResetPassword as TransactionalEmailsResetPassword;
|
use App\Notifications\TransactionalEmails\ResetPassword as TransactionalEmailsResetPassword;
|
||||||
|
use App\Traits\DeletesUserSessions;
|
||||||
use DateTimeInterface;
|
use DateTimeInterface;
|
||||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||||
use Illuminate\Foundation\Auth\User as Authenticatable;
|
use Illuminate\Foundation\Auth\User as Authenticatable;
|
||||||
@@ -37,7 +38,7 @@ use OpenApi\Attributes as OA;
|
|||||||
)]
|
)]
|
||||||
class User extends Authenticatable implements SendsEmail
|
class User extends Authenticatable implements SendsEmail
|
||||||
{
|
{
|
||||||
use HasApiTokens, HasFactory, Notifiable, TwoFactorAuthenticatable;
|
use DeletesUserSessions, HasApiTokens, HasFactory, Notifiable, TwoFactorAuthenticatable;
|
||||||
|
|
||||||
protected $guarded = [];
|
protected $guarded = [];
|
||||||
|
|
||||||
@@ -57,6 +58,7 @@ class User extends Authenticatable implements SendsEmail
|
|||||||
protected static function boot()
|
protected static function boot()
|
||||||
{
|
{
|
||||||
parent::boot();
|
parent::boot();
|
||||||
|
|
||||||
static::created(function (User $user) {
|
static::created(function (User $user) {
|
||||||
$team = [
|
$team = [
|
||||||
'name' => $user->name."'s Team",
|
'name' => $user->name."'s Team",
|
||||||
|
|||||||
34
app/Traits/DeletesUserSessions.php
Normal file
34
app/Traits/DeletesUserSessions.php
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Traits;
|
||||||
|
|
||||||
|
use DB;
|
||||||
|
use Illuminate\Support\Facades\Session;
|
||||||
|
|
||||||
|
trait DeletesUserSessions
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Delete all sessions for the current user.
|
||||||
|
* This will force the user to log in again on all devices.
|
||||||
|
*/
|
||||||
|
public function deleteAllSessions(): void
|
||||||
|
{
|
||||||
|
// Invalidate the current session
|
||||||
|
Session::invalidate();
|
||||||
|
Session::regenerateToken();
|
||||||
|
DB::table('sessions')->where('user_id', $this->id)->delete();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Boot the trait.
|
||||||
|
*/
|
||||||
|
protected static function bootDeletesUserSessions()
|
||||||
|
{
|
||||||
|
static::updated(function ($user) {
|
||||||
|
// Check if password was changed
|
||||||
|
if ($user->isDirty('password')) {
|
||||||
|
$user->deleteAllSessions();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -19,6 +19,7 @@
|
|||||||
<h2>Change Password</h2>
|
<h2>Change Password</h2>
|
||||||
<x-forms.button type="submit" label="Save">Save</x-forms.button>
|
<x-forms.button type="submit" label="Save">Save</x-forms.button>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="text-xs font-bold text-warning pb-2">Resetting the password will logout all sessions.</div>
|
||||||
<div class="flex flex-col gap-2">
|
<div class="flex flex-col gap-2">
|
||||||
<x-forms.input id="current_password" label="Current Password" required type="password" />
|
<x-forms.input id="current_password" label="Current Password" required type="password" />
|
||||||
<div class="flex gap-2">
|
<div class="flex gap-2">
|
||||||
@@ -36,23 +37,21 @@
|
|||||||
<div class="flex flex-col gap-4">
|
<div class="flex flex-col gap-4">
|
||||||
<form action="/user/confirmed-two-factor-authentication" method="POST" class="flex items-end gap-2">
|
<form action="/user/confirmed-two-factor-authentication" method="POST" class="flex items-end gap-2">
|
||||||
@csrf
|
@csrf
|
||||||
<x-forms.input type="text" inputmode="numeric" pattern="[0-9]*" id="code" label="One time (OTP) code" required />
|
<x-forms.input type="text" inputmode="numeric" pattern="[0-9]*" id="code"
|
||||||
|
label="One time (OTP) code" required />
|
||||||
<x-forms.button type="submit">Validate 2FA</x-forms.button>
|
<x-forms.button type="submit">Validate 2FA</x-forms.button>
|
||||||
</form>
|
</form>
|
||||||
<div class="flex flex-col items-start">
|
<div class="flex flex-col items-start">
|
||||||
<div class="flex items-center justify-center w-80 h-80 bg-white p-4 border-4 border-gray-300 rounded-lg shadow-lg">
|
<div
|
||||||
|
class="flex items-center justify-center w-80 h-80 bg-white p-4 border-4 border-gray-300 rounded-lg shadow-lg">
|
||||||
{!! request()->user()->twoFactorQrCodeSvg() !!}
|
{!! request()->user()->twoFactorQrCodeSvg() !!}
|
||||||
</div>
|
</div>
|
||||||
<div x-data="{
|
<div x-data="{
|
||||||
showCode: false,
|
showCode: false,
|
||||||
}" class="py-4 w-full">
|
}" class="py-4 w-full">
|
||||||
<div class="flex flex-col gap-2 pb-2" x-show="showCode">
|
<div class="flex flex-col gap-2 pb-2" x-show="showCode">
|
||||||
<x-forms.copy-button
|
<x-forms.copy-button text="{{ decrypt(request()->user()->two_factor_secret) }}" />
|
||||||
text="{{ decrypt(request()->user()->two_factor_secret) }}"
|
<x-forms.copy-button text="{{ request()->user()->twoFactorQrCodeUrl() }}" />
|
||||||
/>
|
|
||||||
<x-forms.copy-button
|
|
||||||
text="{{ request()->user()->twoFactorQrCodeUrl() }}"
|
|
||||||
/>
|
|
||||||
</div>
|
</div>
|
||||||
<x-forms.button x-on:click="showCode = !showCode" class="mt-2">
|
<x-forms.button x-on:click="showCode = !showCode" class="mt-2">
|
||||||
<span x-text="showCode ? 'Hide Secret Key and OTP URL' : 'Show Secret Key and OTP URL'"></span>
|
<span x-text="showCode ? 'Hide Secret Key and OTP URL' : 'Show Secret Key and OTP URL'"></span>
|
||||||
|
|||||||
Reference in New Issue
Block a user