snikket-server
                        Web tokens are not invalidated on role change
When changing the role of a user in the web portal, their current XMPP connections are killed to let the changes take effect, but web portal sessions continue to live on.
This means that I can nicely test everything with my own user because I can change my role to Limited and have it take effect in the app without de-admin-ing myself in the portal :). However, obviously this is a problem in real deployments, because in a bad situation, you might want to be able to take admin permissions away immediately, without the subject being able to do things with those permissions afterward (such as restoring their admin permissions and taking yours away).
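As an added illustration of the issue (not Snikket's or Prosody's own code), the constructed in-memory session store below reproduces the behaviour in `strict=False` mode, where a web session keeps the role it was issued with, and shows the hardened form in `strict=True` mode, where a role change revokes the user's web sessions and every request re-checks the live role. The user name and role strings are made up for the demonstration.

```python
import secrets

# Constructed in-memory session store (added example, not Snikket/Prosody code).
# strict=False reproduces the reported bug; strict=True is the hardened form.
class SessionStore:
    def __init__(self, strict=True):
        self.strict = strict
        self.roles = {}         # user -> current role
        self.role_version = {}  # user -> counter bumped on every role change
        self.sessions = {}      # token -> session record

    def set_role(self, user, role):
        self.roles[user] = role
        self.role_version[user] = self.role_version.get(user, 0) + 1
        if self.strict:
            # Kill the user's web sessions just as XMPP connections are killed,
            # so a demoted admin cannot keep acting with the old permissions.
            for tok in [t for t, s in self.sessions.items() if s["user"] == user]:
                del self.sessions[tok]

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "role": self.roles[user],  # snapshot
                                "role_version": self.role_version.get(user, 0)}
        return token

    def authorize(self, token, required_role):
        s = self.sessions.get(token)
        if s is None:
            return False                       # revoked or never issued
        if not self.strict:
            return s["role"] == required_role  # trusts the login-time snapshot (bug)
        user = s["user"]
        if s["role_version"] != self.role_version.get(user, 0):
            self.sessions.pop(token, None)     # defence in depth if revocation missed it
            return False
        return self.roles[user] == required_role

def demoted_admin_still_admin(strict):
    """Log in as admin, get demoted to 'limited', retry an admin action with the old token."""
    store = SessionStore(strict=strict)
    store.set_role("bob", "admin")
    token = store.login("bob")
    assert store.authorize(token, "admin")
    store.set_role("bob", "limited")
    return store.authorize(token, "admin")
```

`demoted_admin_still_admin(strict=False)` returns `True` (the old token still passes an admin check), while `demoted_admin_still_admin(strict=True)` returns `False`.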
This should have been fixed by one of the Prosody updates, whichever included at least this commit. Should probably be tested to be sure.
Testing done:
- Log in to the web portal with the admin user in a first window
- Open a second, private browsing window and log in with a normal user
- In the first window, change the role of the regular user to Limited
- Refresh the page or click something in the second window
- Observe that the regular user gets logged out
- Attempt to log in again, but this fails (bug?)