nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Destroy previous auths on new auth request

Browse source
This commit is contained in:
theworldbright 2015-10-04 00:36:13 -07:00
parent da766d8e8b
commit 80cbc7d915
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/api/openid_connect/authorizations_controller.rb
View file

@ -10,6 +10,12 @@ module Api
def new
auth = Api::OpenidConnect::Authorization.find_by_client_id_and_user(params[:client_id], current_user)
if auth
auth.o_auth_access_tokens.destroy_all
auth.id_tokens.destroy_all
auth.code_used = false
auth.save
end
if logged_in_before?(params[:max_age])
reauthenticate
elsif params[:prompt]