1126 explicit session invalidation
Created by: ElizabethStirling
Draft PR while I work on tests
Invalidate session based authentication whenever the user's password is modified or reset, as well as adding a button for site admins to sign out other users.
References #1126 (closed)
Remaining for this PR:
-
Add test code -
Link Changelog to this PR
Remaining work that may be broken out into another PR
- Extend session invalidation to invalidate oauth or external auth provider based logins
Note that many of these are already managed by sessions, and so are already covered by this PR. However, Github, Gitlab, and other oauth providers aren't.
UPDATE: this PR covers oauth providers as well.