fix: limit end_session to the users own sessions
All checks were successful
ci/woodpecker/push/test Pipeline was successful
All checks were successful
ci/woodpecker/push/test Pipeline was successful
This commit is contained in:
parent
29cf990363
commit
eccbc3c3d6
GPG key ID:
901B2ADDF27C2263
1 changed files with 2 additions and 1 deletions
|
|
@ -61,8 +61,9 @@ impl Sessions for User {
|
||||||
|
|
||||||
/// End a user session
|
/// End a user session
|
||||||
async fn end_session(&self, id: &str) {
|
async fn end_session(&self, id: &str) {
|
||||||
sqlx::query("DELETE FROM user_session WHERE id = $1")
|
sqlx::query("DELETE FROM user_session WHERE id = $1 AND \"user\" = $2")
|
||||||
.bind(id)
|
.bind(id)
|
||||||
|
.bind(&self.username)
|
||||||
.execute(get_pg!())
|
.execute(get_pg!())
|
||||||
.await
|
.await
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue