fix(auth): invalidate session when permissions change EE-3320 (#8103)

pull/8197/head
Dakota Walsh 2022-12-14 10:12:00 +13:00 committed by GitHub
parent 930d9e5628
commit 0ddcad66f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions


@ -108,14 +108,15 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
user.TokenIssueAt = time.Now().Unix() user.TokenIssueAt = time.Now().Unix()
} }
if payload.Role != 0 {
user.Role = portainer.UserRole(payload.Role)
}
if payload.UserTheme != "" { if payload.UserTheme != "" {
user.UserTheme = payload.UserTheme user.UserTheme = payload.UserTheme
} }
if payload.Role != 0 {
user.Role = portainer.UserRole(payload.Role)
user.TokenIssueAt = time.Now().Unix()
}
err = handler.DataStore.User().UpdateUser(user.ID, user) err = handler.DataStore.User().UpdateUser(user.ID, user)
if err != nil { if err != nil {
return httperror.InternalServerError("Unable to persist user changes inside the database", err) return httperror.InternalServerError("Unable to persist user changes inside the database", err)
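Review bot: The relocated `if payload.Role != 0` block resets `user.TokenIssueAt` without a comment saying why, and it does so even when the submitted role equals the current one, so a client that always sends the role field would sign the user out on every profile update. I would add `// Reject tokens issued before the role change.` above the assignment and, if the spurious logout matters, narrow the guard to `if role := portainer.UserRole(payload.Role); payload.Role != 0 && role != user.Role {`. `time.Now().Unix()` has one-second resolution, so whether a token minted in the same second as the change is still accepted depends on the comparison in the token check, which is not in this hunk. userUpdate starts before and continues past the hunk, so the range validation of `payload.Role` and the caller's authorization check cannot be confirmed from here.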


@ -52,6 +52,9 @@ function StateManagerFactory(
}; };
manager.resetPasswordChangeSkips = function (userID) { manager.resetPasswordChangeSkips = function (userID) {
if (!state.UI.timesPasswordChangeSkipped) {
return;
}
if (state.UI.timesPasswordChangeSkipped[userID]) state.UI.timesPasswordChangeSkipped[userID] = 0; if (state.UI.timesPasswordChangeSkipped[userID]) state.UI.timesPasswordChangeSkipped[userID] = 0;
LocalStorage.storeUIState(state.UI); LocalStorage.storeUIState(state.UI);
}; };
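Review bot: The early return added at the top of `resetPasswordChangeSkips` does not say when `state.UI.timesPasswordChangeSkipped` can be missing; a one-line comment such as `// No skip map in the stored UI state yet; nothing to reset.` would document the case, assuming that is the situation it covers. Because the counter is persisted through `LocalStorage.storeUIState`, it lives in the browser and is user-editable, so it should be treated as a UI hint only and any forced password change should be enforced server-side.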