1126 explicit session invalidation (!13647) · Merge requests · Administrator / sourcegraph

Administrator requested to merge elizabeth/1126-explicit-session-invalidation into main Sep 04, 2020

Created by: ElizabethStirling

Draft PR while I work on tests

Invalidate session based authentication whenever the user's password is modified or reset, as well as adding a button for site admins to sign out other users.

References #1126

Remaining for this PR:

Add test code
Link Changelog to this PR

~~Remaining work that may be broken out into another PR~~ ~~- Extend session invalidation to invalidate oauth or external auth provider based logins~~ ~~Note that many of these are already managed by sessions, and so are already covered by this PR. However, Github, Gitlab, and other oauth providers aren't.~~ UPDATE: this PR covers oauth providers as well.

1126 explicit session invalidation

Merge request reports