feat: invalidate old token after changing the password (close #5515)

2023-11-13 15:22:42 +08:00
parent a7421d8fc2
commit 3d51845f57
6 changed files with 24 additions and 6 deletions
--- a/server/handles/auth.go
+++ b/server/handles/auth.go
@ -78,7 +78,7 @@ func loginHash(c *gin.Context, req *LoginReq) {
 		}
 	}
 	// generate token
-	token, err := common.GenerateToken(user.Username)
+	token, err := common.GenerateToken(user)
 	if err != nil {
 		common.ErrorResp(c, err, 400, true)
 		return
--- a/server/handles/ssologin.go
+++ b/server/handles/ssologin.go
@ -260,7 +260,7 @@ func OIDCLoginCallback(c *gin.Context) {
 				common.ErrorResp(c, err, 400)
 			}
 		}
-		token, err := common.GenerateToken(user.Username)
+		token, err := common.GenerateToken(user)
 		if err != nil {
 			common.ErrorResp(c, err, 400)
 		}
@ -426,7 +426,7 @@ func SSOLoginCallback(c *gin.Context) {
 			return
 		}
 	}
-	token, err := common.GenerateToken(user.Username)
+	token, err := common.GenerateToken(user)
 	if err != nil {
 		common.ErrorResp(c, err, 400)
 	}
--- a/server/handles/webauthn.go
+++ b/server/handles/webauthn.go
@ -94,7 +94,7 @@ func FinishAuthnLogin(c *gin.Context) {
 		return
 	}

-	token, err := common.GenerateToken(user.Username)
+	token, err := common.GenerateToken(user)
 	if err != nil {
 		common.ErrorResp(c, err, 400, true)
 		return