closes #3989

Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
2025-12-21 07:50:37 +01:00 · 2015-12-23 10:48:45 -05:00
parent d9125c215c
commit ad9a1d0f2c
21 changed files with 320 additions and 34 deletions
--- a/src/controllers/accounts/session.js
+++ b/src/controllers/accounts/session.js
@@ -0,0 +1,43 @@
+'use strict';
+
+var async = require('async'),
+
+	user = require('../../user'),
+	db = require('../../database');
+
+var sessionController = {};
+
+sessionController.revoke = function(req, res, next) {
+	if (!req.params.hasOwnProperty('uuid')) {
+		return next();
+	}
+
+	var _id;
+
+	async.waterfall([
+		async.apply(db.getObjectField, 'sessionUUID:sessionId', req.params.uuid),
+		function(sessionId, next) {
+			if (!sessionId) {
+				return next(new Error('[[error:no-session-found]]'));
+			}
+
+			_id = sessionId;
+			db.isSortedSetMember('uid:' + req.uid + ':sessions', sessionId, next)
+		},
+		function(isMember, next) {
+			if (isMember) {
+				user.auth.revokeSession(_id, req.uid, next);
+			} else {
+				next(new Error('[[error:no-session-found]]'));
+			}
+		}
+	], function(err) {
+		if (err) {
+			return res.status(500).send(err.message);
+		} else {
+			return res.sendStatus(200);
+		}
+	});
+};
+
+module.exports = sessionController;