Logout existing sessions after a username or password change

Closes #18443
qbittorrent · Sep 15, 2024 · c896268 · c896268
1 parent 0ea35c5
commit c896268
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 0 deletions.
diff --git a/src/webui/api/authcontroller.cpp b/src/webui/api/authcontroller.cpp
@@ -45,11 +45,15 @@ AuthController::AuthController(ISessionManager *sessionManager, IApplication *ap
 
 void AuthController::setUsername(const QString &username)
 {
+    if (!m_username.isEmpty() && (m_username != username))
+        m_sessionManager->logoutAllSessions();
     m_username = username;
 }
 
 void AuthController::setPasswordHash(const QByteArray &passwordHash)
 {
+    if (!m_passwordHash.isEmpty() && (m_passwordHash != passwordHash))
+        m_sessionManager->logoutAllSessions();
     m_passwordHash = passwordHash;
 }
 

diff --git a/src/webui/api/isessionmanager.h b/src/webui/api/isessionmanager.h
@@ -45,4 +45,5 @@ struct ISessionManager
     virtual ISession *session() = 0;
     virtual void sessionStart() = 0;
     virtual void sessionEnd() = 0;
+    virtual void logoutAllSessions() = 0;
 };
diff --git a/src/webui/webapplication.cpp b/src/webui/webapplication.cpp
@@ -299,6 +299,12 @@ const Http::Environment &WebApplication::env() const
     return m_env;
 }
 
+void WebApplication::logoutAllSessions()
+{
+	qDeleteAll(m_sessions);
+	m_sessions.clear();
+}
+
 void WebApplication::setUsername(const QString &username)
 {
     m_authController->setUsername(username);

diff --git a/src/webui/webapplication.h b/src/webui/webapplication.h
@@ -111,6 +111,7 @@ class WebApplication final : public ApplicationComponent<QObject>
     WebSession *session() override;
     void sessionStart() override;
     void sessionEnd() override;
+    void logoutAllSessions() override;
 
     void doProcessRequest();
     void configure();