catstodon/app
Eugen Rochko daf71573d0
Fix password change/reset not immediately invalidating other sessions (#12928)
While making browser requests in the other sessions after a password
change or reset does not allow you to be logged in and correctly
invalidates the session making the request, sessions have API tokens
associated with them, which can still be used until that session
is invalidated.

This is a security issue for accounts that were already compromised
some other way because it makes it harder to throw out the hijacker.
2020-01-24 00:20:38 +01:00
..
chewy Fix needlessly indexing unsearchable statuses into ElasticSearch (#12041) 2019-10-02 20:04:46 +02:00
controllers Fix password change/reset not immediately invalidating other sessions (#12928) 2020-01-24 00:20:38 +01:00
helpers Add announcements (#12662) 2020-01-23 22:00:13 +01:00
javascript New Crowdin translations (#12859) 2020-01-23 22:04:00 +01:00
lib Add announcements (#12662) 2020-01-23 22:00:13 +01:00
mailers Split AccountsHelper from StatusesHelper (#12078) 2019-10-24 22:50:09 +02:00
models Fix password change/reset not immediately invalidating other sessions (#12928) 2020-01-24 00:20:38 +01:00
policies Add announcements (#12662) 2020-01-23 22:00:13 +01:00
presenters Fix n+1 query for bookmarks on statuses (#12494) 2019-11-28 04:08:00 +01:00
serializers Add announcements (#12662) 2020-01-23 22:00:13 +01:00
services Fix invalid votes from the API being accepted (#12601) 2020-01-12 14:17:03 +01:00
validators Add announcements (#12662) 2020-01-23 22:00:13 +01:00
views Fix relationships page not showing results in admin UI (#12934) 2020-01-24 00:20:23 +01:00
workers Add announcements (#12662) 2020-01-23 22:00:13 +01:00