Fix: Session of admin is destroyed instead of the deleted user (#3218)

# Description of Changes Please provide a summary of the changes, including: - Replaced `authentication.getPrincipal()` with `username` in the `sessionRegistry.getAllSessions(...)` call inside the `deleteUser` method of `UserController`. - The original implementation incorrectly used the currently authenticated principal to fetch sessions, which could lead to only invalidating the sessions of the user performing the deletion — not the target user being deleted. - By using the `username` parameter directly, this ensures **all sessions of the user being deleted are properly expired and removed**. Closes #(issue_number) --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details.
2025-06-05 08:42:00 +00:00 · 2025-03-22 22:09:37 +01:00 · 2025-03-22 22:09:37 +01:00 · e04cfcdde7
commit e04cfcdde7
parent d8cca66560
1 changed files with 1 additions and 1 deletions
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@ -333,7 +333,7 @@ public class UserController {
        }
        // Invalidate all sessions before deleting the user
        List<SessionInformation> sessionsInformations =
-                sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
+                sessionRegistry.getAllSessions(username, false);
        for (SessionInformation sessionsInformation : sessionsInformations) {
            sessionRegistry.expireSession(sessionsInformation.getSessionId());
            sessionRegistry.removeSessionInformation(sessionsInformation.getSessionId());