fix: limit end_session to the users own sessions
All checks were successful
ci/woodpecker/push/test Pipeline was successful
All checks were successful
ci/woodpecker/push/test Pipeline was successful
This commit is contained in:
parent
29cf990363
commit
eccbc3c3d6
GPG key ID:
901B2ADDF27C2263
1 changed files with 2 additions and 1 deletions
|
|
@ -61,8 +61,9 @@ impl Sessions for User {
|
|||
|
||||
/// End a user session
|
||||
async fn end_session(&self, id: &str) {
|
||||
sqlx::query("DELETE FROM user_session WHERE id = $1")
|
||||
sqlx::query("DELETE FROM user_session WHERE id = $1 AND \"user\" = $2")
|
||||
.bind(id)
|
||||
.bind(&self.username)
|
||||
.execute(get_pg!())
|
||||
.await
|
||||
.unwrap();
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue