From 2b40b23f14f2e23b8bb1a2b09f188d9eceea2d27 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 5 Jan 2023 15:06:48 +0100
Subject: [session] Add checkbox to log out all other sessions on pw change

---
 modules-available/session/lang/de/template-tags.json     | 1 +
 modules-available/session/lang/en/template-tags.json     | 1 +
 modules-available/session/page.inc.php                   | 3 +++
 modules-available/session/templates/change-password.html | 4 ++++
 4 files changed, 9 insertions(+)

(limited to 'modules-available/session')

diff --git a/modules-available/session/lang/de/template-tags.json b/modules-available/session/lang/de/template-tags.json
index 491c7cc3..d518e1cb 100644
--- a/modules-available/session/lang/de/template-tags.json
+++ b/modules-available/session/lang/de/template-tags.json
@@ -5,6 +5,7 @@
     "lang_enter": "Anmeldung",
     "lang_expires": "L\u00e4uft bei Inaktivit\u00e4t ab",
     "lang_fixedIpSession": "Sitzung an IP-Adresse binden",
+    "lang_killOtherSessions": "Alle meine anderen Sitzungen ausloggen",
     "lang_lastAddress": "Letzter Zugriff von",
     "lang_login": "Anmelden",
     "lang_newPassword": "Neues Passwort",
diff --git a/modules-available/session/lang/en/template-tags.json b/modules-available/session/lang/en/template-tags.json
index 0bd192f3..e21a1bf9 100644
--- a/modules-available/session/lang/en/template-tags.json
+++ b/modules-available/session/lang/en/template-tags.json
@@ -5,6 +5,7 @@
     "lang_enter": "Enter",
     "lang_expires": "Expires on no activity",
     "lang_fixedIpSession": "Bind session to IP address",
+    "lang_killOtherSessions": "Log out all my other sessions",
     "lang_lastAddress": "Last access from",
     "lang_login": "Login",
     "lang_newPassword": "New password",
diff --git a/modules-available/session/page.inc.php b/modules-available/session/page.inc.php
index 66f672f0..71f24886 100644
--- a/modules-available/session/page.inc.php
+++ b/modules-available/session/page.inc.php
@@ -48,6 +48,9 @@ class Page_Session extends Page
 				Message::addError('adduser.password-mismatch');
 				Util::redirect('?do=session');
 			}
+			if (Request::post('kill-other-sessions', false, 'bool')) {
+				Session::deleteAllButCurrent();
+			}
 			if (User::updatePassword($new)) {
 				Message::addSuccess('password-changed');
 			} else {
diff --git a/modules-available/session/templates/change-password.html b/modules-available/session/templates/change-password.html
index fa8e573f..fa61fd77 100644
--- a/modules-available/session/templates/change-password.html
+++ b/modules-available/session/templates/change-password.html
@@ -5,6 +5,10 @@
 		<input type="password" name="newpass1" class="form-control" placeholder="{{lang_newPassword}}">
 		<input type="password" name="newpass2" class="form-control" placeholder="{{lang_repeatPassword}}">
 	</div>
+	<div class="checkbox">
+		<input type="checkbox" id="kill-other-sessions" name="kill-other-sessions" value="1">
+		<label for="kill-other-sessions">{{lang_killOtherSessions}}</label>
+	</div>
 	<button class="btn btn-lg btn-primary btn-block" type="submit">{{lang_changePassword}}</button>
 	<input type="hidden" name="action" value="changepw">
 	<input type="hidden" name="token" value="{{token}}">
-- 
cgit v1.2.3-55-g7522