Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix streaming API allowing connections to persist after access token invalidation #15111

Merged
merged 1 commit into from
Nov 12, 2020
Merged

Fix streaming API allowing connections to persist after access token invalidation #15111

merged 1 commit into from
Nov 12, 2020

Conversation

Gargron
Copy link
Member

@Gargron Gargron commented Nov 9, 2020

Fix #14816

@Gargron Gargron force-pushed the fix-streaming-after-invalidated-token branch 2 times, most recently from 9d5b3b3 to 234f799 Compare November 11, 2020 19:23
@Gargron Gargron marked this pull request as ready for review November 11, 2020 19:23
@Gargron Gargron added the security Security issues and fixes, vulnerabilities label Nov 11, 2020
ClearlyClaire
ClearlyClaire approved these changes Nov 11, 2020
View reviewed changes
Copy link
Contributor

@ClearlyClaire ClearlyClaire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't tested it, but looks good to me.

@Gargron Gargron force-pushed the fix-streaming-after-invalidated-token branch from 234f799 to 5474da6 Compare November 12, 2020 01:55
@Gargron Gargron force-pushed the fix-streaming-after-invalidated-token branch from 5474da6 to f2faae8 Compare November 12, 2020 02:10
@Gargron
Copy link
Member Author

Gargron commented Nov 12, 2020

Note: I had to overwrite the revoke method on Doorkeeper::AccessToken because the original method using update_attribute was not triggering after_commit or after_update callbacks (which I am a little confused by because the documentation seems to suggest otherwise). With this, token revocation over the OAuth API as well as token deletion by a destroyed session are both covered.

@Gargron Gargron merged commit aa10200 into master Nov 12, 2020
@Gargron Gargron deleted the fix-streaming-after-invalidated-token branch November 12, 2020 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ClearlyClaire ClearlyClaire ClearlyClaire approved these changes

Assignees
No one assigned
Labels
security Security issues and fixes, vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Home Timeline, Notifications and incoming DMs visible after logout
2 participants
@Gargron @ClearlyClaire