1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/d09e2505fc10/ changeset: d09e2505fc10 user: natefoo date: 2011-11-08 16:23:52 summary: Invalidate other Galaxy sessions upon password change. Thanks Bob Harris! affected #: 1 file
diff -r ba739e96c1a14d649c37655cecfc5b835ab343d2 -r d09e2505fc105eaf9e04c4c973df613f873f6dca lib/galaxy/web/controllers/user.py
--- a/lib/galaxy/web/controllers/user.py
+++ b/lib/galaxy/web/controllers/user.py
@@ -753,7 +753,7 @@
 password = kwd.get( 'password', '' )
 confirm = kwd.get( 'confirm', '' )
 ok = True
- if not webapp == 'galaxy' and not is_admin:
+ if not is_admin:
 # If the current user is changing their own password, validate their current password
 current = kwd.get( 'current', '' )
 if not trans.user.check_password( current ):
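Review bot: The current-password check at `if not is_admin:` is skipped for every admin request, while the comment beneath it says the check is meant for a user changing their own password. If `is_admin` can be true when the account being edited is the admin's own (its definition is outside this hunk), a request on an admin's session could set a new password without proving knowledge of the old one. Consider keying the test on the target account instead, for example `if not is_admin or user == trans.user:`, assuming `user` is the account being changed, as the second hunk suggests. The enclosing function starts and ends outside the hunk.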
@@ -768,10 +768,17 @@
 else:
 # Save new password
 user.set_password_cleartext( password )
+ # Invalidate all other sessions
+ for other_galaxy_session in trans.sa_session.query( trans.app.model.GalaxySession ) \
+ .filter( and_( trans.app.model.GalaxySession.table.c.user_id==trans.user.id,
+ trans.app.model.GalaxySession.table.c.is_valid==True,
+ trans.app.model.GalaxySession.table.c.id!=trans.galaxy_session.id ) ):
+ other_galaxy_session.is_valid = False
+ trans.sa_session.add( other_galaxy_session )
 trans.sa_session.add( user )
 trans.sa_session.flush()
 trans.log_event( "User change password" )
- message = 'The password has been changed.'
+ message = 'The password has been changed and any other existing Galaxy sessions have been logged out (but jobs in histories in those sessions will not be interrupted).'
 elif user and params.get( 'edit_user_info_button', False ):
 # Edit user information - webapp MUST BE 'galaxy'
 user_type_fd_id = params.get( 'user_type_fd_id', 'none' )
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
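Review bot: The invalidation query filters on `trans.user.id`, but the password is set on `user` (`user.set_password_cleartext( password )`), so if an admin can change another account's password here, as the `is_admin` test in the first hunk suggests, the loop logs out the admin's other sessions and leaves the target account's sessions valid. Filter on the account whose password changed: `.filter( and_( trans.app.model.GalaxySession.table.c.user_id==user.id,`; the `id!=trans.galaxy_session.id` clause then still spares only the caller's current session. The success message would also be inaccurate in that admin case as written. The enclosing branch starts and ends outside the hunk.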