mahara-contributors team mailing list archive

[Mahara Bot <1471103@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://reviews.mahara.org/8415
Committed: https://git.mahara.org/mahara/mahara/commit/1463b86d6c414b94af7759924358c8a77c5572b2
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch:    16.10_STABLE

commit 1463b86d6c414b94af7759924358c8a77c5572b2
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Wed Jan 10 08:58:19 2018 +1300

Bug 1471103: Force user to login after password reset via CLI script

Kill any sessions that the account may have active

behatnotneeded

Change-Id: I602fe94262c453eae1f5e1faf83d7709720bd906
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
(cherry picked from commit 8224721372cbf66cf742938879fa0f30f18ca47f)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1471103

Title:
  Make the password reset CLI script log out the user

Status in Mahara:
  Fix Committed
Status in Mahara 16.10 series:
  Fix Committed
Status in Mahara 17.04 series:
  Fix Committed
Status in Mahara 17.10 series:
  Fix Committed
Status in Mahara 18.04 series:
  Fix Committed

Bug description:
  In Bug 1396564 we added a command-line script for resetting Mahara
  passwords.

  Robert pointed out that this script should end any current sessions
  for the user. The idea is that, if their password needs to be reset
  because their account has been hacked, then we should kick out any
  remaining sessions that are logged-in, because the attacker could use
  those to re-reset their password.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1471103/+subscriptions