Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session not revoked when user password changes using Parse Dashboard #3289

Closed
anashalb opened this issue Dec 27, 2016 · 4 comments
Closed

Session not revoked when user password changes using Parse Dashboard #3289

anashalb opened this issue Dec 27, 2016 · 4 comments
Labels
type:question Support or code-level question

Comments

@anashalb
Copy link

Session is not being revoked when the user's password is changed from Parse Dashboard.

Code Ref
I noticed that the condition being checked is: if (this.query && !this.auth.isMaster), which means only non-Master authentication would allow sessions to be revoked. What about when master authentication is changing the user's password (e.g. Parse Dashboard)

Steps to reproduce

  1. Create a user in dashboard.
  2. Login the user using a rest call, which generates a session for the user.
  3. Go to dashboard and change the user's password.
  4. Observe that the Session for that user is not revoked.

Expected Results

According to the Parse Server defaults, the session is supposed to be revoked.

Actual Outcome

The session is not being revoked

Environment Setup

  • Server

    • parse-server version (Be specific! Don't say 'latest'.) : 2.2.24
    • Operating System: MacOS
    • Hardware:
    • Localhost or remote server? Localhost

  • Database

    • MongoDB version: v3.2.1
    • Storage engine: WiredTiger
    • Localhost or remote server? Localhost
@sricharan123
Copy link

same issue raised, i got the same problem. issue #3265 .

@fcoufour fcoufour mentioned this issue Jan 30, 2017
Closed
@flovilmart
Copy link
Contributor

@anashalb thanks for the info.

I'll fix this behaviour which is not intended.

  • _sessions will be clean up when password is updated
  • a new session will be created only if the user is not master

flovilmart added a commit that referenced this issue May 16, 2017
@flovilmart
Adds repro to issue #3289
10ab95b
acinader pushed a commit that referenced this issue May 16, 2017
@flovilmart
Always clear sessions when user password is updated (#3821)
17a2d26 
* Adds repro to  issue #3289

* Always clear sessions when password is updated
@pjbrigden
Copy link

Hey guys, do you think this issue will be resolved in the next Parse Server release? Keep up the good work!

@flovilmart
Copy link
Contributor

This has been merged and released, please re-open the issue if tis persists.

@flovilmart flovilmart mentioned this issue Oct 23, 2017
Closed
@mtrezza mtrezza added type:question Support or code-level question and removed 🔧 troubleshooting labels Jul 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:question Support or code-level question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@flovilmart @anashalb @mtrezza @sricharan123 @pjbrigden