diff options
author | Robert Speicher <robert@gitlab.com> | 2016-12-07 00:51:33 +0000 |
---|---|---|
committer | Alejandro RodrÃguez <alejorro70@gmail.com> | 2016-12-08 21:21:06 -0300 |
commit | 47bc0125beba2351c5d78323677a34d19b102047 (patch) | |
tree | 9e0c9f32800c8761726917ab3d5456761afc07e5 | |
parent | 6992ac111713be14b050a72a462eb70d9be35ebc (diff) | |
download | gitlab-ce-47bc0125beba2351c5d78323677a34d19b102047.tar.gz |
Merge branch 'destroy-session' into 'security'
Destroy a user session when they delete their own account via browser
This patch destroys a user's session when they delete their own account
using a browser. A new session is created as they are redirected to the
sign_in page.
Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015
See merge request !2042
-rw-r--r-- | app/controllers/registrations_controller.rb | 5 | ||||
-rw-r--r-- | changelogs/unreleased/destroy-session.yml | 4 |
2 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 3327f4f2b87..c45196cc3e9 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -27,7 +27,10 @@ class RegistrationsController < Devise::RegistrationsController DeleteUserService.new(current_user).execute(current_user) respond_to do |format| - format.html { redirect_to new_user_session_path, notice: "Account successfully removed." } + format.html do + session.try(:destroy) + redirect_to new_user_session_path, notice: "Account successfully removed." + end end end diff --git a/changelogs/unreleased/destroy-session.yml b/changelogs/unreleased/destroy-session.yml new file mode 100644 index 00000000000..e713e2dc424 --- /dev/null +++ b/changelogs/unreleased/destroy-session.yml @@ -0,0 +1,4 @@ +--- +title: Destroy a user's session when they delete their own account +merge_request: +author: |