revoke access tokens on password change

2026-03-18 08:06:35 +00:00 · 2016-06-05 16:39:37 -04:00
parent 2e040f9c0c
commit 9fc028b3d7
3 changed files with 13 additions and 6 deletions
--- a/MediaBrowser.Server.Implementations/Session/SessionManager.cs
+++ b/MediaBrowser.Server.Implementations/Session/SessionManager.cs
@@ -1451,7 +1451,7 @@ namespace MediaBrowser.Server.Implementations.Session
            }
        }

-        public async Task RevokeUserTokens(string userId)
+        public async Task RevokeUserTokens(string userId, string currentAccessToken)
        {
            var existing = _authRepo.Get(new AuthenticationInfoQuery
            {
@@ -1461,7 +1461,10 @@ namespace MediaBrowser.Server.Implementations.Session

            foreach (var info in existing.Items)
            {
-                await Logout(info.AccessToken).ConfigureAwait(false);
+                if (!string.Equals(currentAccessToken, info.AccessToken, StringComparison.OrdinalIgnoreCase))
+                {
+                    await Logout(info.AccessToken).ConfigureAwait(false);
+                }
            }
        }