From c89626877f69988f1cc5bca094a98312dfa7617b Mon Sep 17 00:00:00 2001
From: Func
Date: Fri, 6 Sep 2024 06:25:51 +0800
Subject: [PATCH] Logout existing sessions after a username or password change

Closes #18443
---
 src/webui/api/authcontroller.cpp | 4 ++++
 src/webui/api/isessionmanager.h | 1 +
 src/webui/webapplication.cpp | 6 ++++++
 src/webui/webapplication.h | 1 +
 4 files changed, 12 insertions(+)

diff --git a/src/webui/api/authcontroller.cpp b/src/webui/api/authcontroller.cpp
index eb1d1baf237..1be335094a1 100644
--- a/src/webui/api/authcontroller.cpp
+++ b/src/webui/api/authcontroller.cpp
@@ -45,11 +45,15 @@ AuthController::AuthController(ISessionManager *sessionManager, IApplication *ap
 
 void AuthController::setUsername(const QString &username)
 {
+ if (!m_username.isEmpty() && (m_username != username))
+ m_sessionManager->logoutAllSessions();
 m_username = username;
 }
 
 void AuthController::setPasswordHash(const QByteArray &passwordHash)
 {
+ if (!m_passwordHash.isEmpty() && (m_passwordHash != passwordHash))
+ m_sessionManager->logoutAllSessions();
 m_passwordHash = passwordHash;
 }
 
diff --git a/src/webui/api/isessionmanager.h b/src/webui/api/isessionmanager.h
index 64396a7da9d..a650a14c0e9 100644
--- a/src/webui/api/isessionmanager.h
+++ b/src/webui/api/isessionmanager.h
@@ -45,4 +45,5 @@ struct ISessionManager
 virtual ISession *session() = 0;
 virtual void sessionStart() = 0;
 virtual void sessionEnd() = 0;
+ virtual void logoutAllSessions() = 0;
 };
diff --git a/src/webui/webapplication.cpp b/src/webui/webapplication.cpp
index ddcf391768e..0a1d93dc3c9 100644
--- a/src/webui/webapplication.cpp
+++ b/src/webui/webapplication.cpp
@@ -299,6 +299,12 @@ const Http::Environment &WebApplication::env() const
 return m_env;
 }
 
+void WebApplication::logoutAllSessions()
+{
+ qDeleteAll(m_sessions);
+ m_sessions.clear();
+}
+
 void WebApplication::setUsername(const QString &username)
 {
 m_authController->setUsername(username);
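Review bot: The `isEmpty()` guards in `setUsername()` and `setPasswordHash()` rest on an assumption the code does not state, namely that an empty stored value only occurs during initial configuration, before any session exists. If an empty `m_passwordHash` can coexist with live sessions (not visible from this hunk), setting the first real password would leave those sessions valid. I would either state the intent above each guard, e.g. `// empty means not configured yet: no session can exist, so nothing to revoke`, or drop the guard, since `logoutAllSessions()` as implemented in this patch does nothing when the session list is empty. Saving both fields in one settings update calls the logout twice, which is harmless.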
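Review bot: `logoutAllSessions()` deletes every session object, including the one serving the request that changed the credentials, and nothing in this hunk resets whatever member backs `session()`. If that accessor returns a cached pointer to the current session (its body is outside the diff, so this is inferred from the header), the pointer dangles after `qDeleteAll(m_sessions)`, and any later use in the same request, such as `sessionEnd()`, would be a use-after-free. I would clear that pointer in the same function right after `m_sessions.clear();`, or exempt the current session and delete only the others. A log line recording that all WebUI sessions were revoked would also give operators an audit trail for credential changes.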
diff --git a/src/webui/webapplication.h b/src/webui/webapplication.h
index 80530b15dd3..207a8e7d387 100644
--- a/src/webui/webapplication.h
+++ b/src/webui/webapplication.h
@@ -111,6 +111,7 @@ class WebApplication final : public ApplicationComponent
 WebSession *session() override;
 void sessionStart() override;
 void sessionEnd() override;
+ void logoutAllSessions() override;
 
 void doProcessRequest();
 void configure();