Fix other sessions not being logged out on password change (mastodon#…

…14252) While OAuth tokens were immediately revoked, accessing the home controller immediately generated new OAuth tokens and "revived" the session due to a combination of using remember_me tokens and overwriting the `authenticate_user!` method
CrossGate-Pawoo · Jan 14, 2022 · fb38868 · fb38868
1 parent 29f268c
commit fb38868
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 class Auth::RegistrationsController < Devise::RegistrationsController
-  include Pawoo::Auth::RegistrationsControllerConcern
   include Devise::Controllers::Rememberable
+  include Pawoo::Auth::RegistrationsControllerConcern
 
   layout :determine_layout