mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

feat(api): invalidate sessions on user deactivation (MS21-AUTH-004)
Some checks failed
ci/woodpecker/push/api Pipeline failed
Details

Browse Source
This commit is contained in:
Jason Woltje
2026-02-28 17:29:37 -06:00
parent c939a541a7
commit 846c80f430
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/api/src/admin/admin.service.ts
View File

@@ -192,7 +192,8 @@ export class AdminService {
throw new BadRequestException(`User ${id} is already deactivated`); throw new BadRequestException(`User ${id} is already deactivated`);
} }
const user = await this.prisma.user.update({ const [user] = await this.prisma.$transaction([
this.prisma.user.update({
where: { id }, where: { id },
data: { deactivatedAt: new Date() }, data: { deactivatedAt: new Date() },
include: { include: {
@@ -202,9 +203,11 @@ export class AdminService {
}, },
}, },
}, },
}); }),
this.prisma.session.deleteMany({ where: { userId: id } }),
]);
this.logger.log(`User deactivated: ${id}`); this.logger.log(`User deactivated and sessions invalidated: ${id}`);
return { return {
id: user.id, id: user.id,