closes #6678

7 years ago · c2c925cacd
parent 29836aaad9
commit c2c925cacd
8 changed files with 93 additions and 36 deletions
--- a/install/package.json
+++ b/install/package.json
@ -77,9 +77,9 @@
        "nodebb-plugin-spam-be-gone": "0.5.4",
        "nodebb-rewards-essentials": "0.0.11",
        "nodebb-theme-lavender": "5.0.7",
-        "nodebb-theme-persona": "9.0.28",
+        "nodebb-theme-persona": "9.0.29",
        "nodebb-theme-slick": "1.2.9",
-        "nodebb-theme-vanilla": "10.1.1",
+        "nodebb-theme-vanilla": "10.1.2",
        "nodebb-widget-essentials": "4.0.7",
        "nodemailer": "^4.6.5",
        "passport": "^0.4.0",
--- a/public/language/en-GB/pages.json
+++ b/public/language/en-GB/pages.json
@ -60,6 +60,7 @@
 	"account/best": "Best posts made by %1",
 	"account/blocks": "Blocked users for %1",
 	"account/uploads": "Uploads by %1",
+	"account/sessions": "Login Sessions",

 	"confirm": "Email Confirmed",

--- a/public/language/en-GB/user.json
+++ b/public/language/en-GB/user.json
@ -169,6 +169,8 @@
 	"info.moderation-note.success": "Moderation note saved",
 	"info.moderation-note.add": "Add note",

+	"sessions.description": "This page allows you to view any active sessions on this forum and revoke them if necessary. You can revoke your own session by logging out of your account.",
+
 	"consent.title": "Your Rights &amp; Consent",
 	"consent.lead": "This community forum collects and processes your personal information.",
 	"consent.intro": "We use this information strictly to personalise your experience in this community, as well as to associate the posts you make to your user account. During the registration step you were asked to provide a username and email address, you can also optionally provide additional information to complete your user profile on this website.<br /><br />We retain this information for the life of your user account, and you are able to withdraw consent at any time by deleting your account. At any time you may request a copy of your contribution to this website, via your Rights &amp; Consent page.<br /><br />If you have any questions or concerns, we encourage you to reach out to this forum's administrative team.",
--- a/public/src/client/account/info.js
+++ b/public/src/client/account/info.js
@ -1,13 +1,13 @@
 'use strict';


-define('forum/account/info', ['forum/account/header', 'components'], function (header, components) {
+define('forum/account/info', ['forum/account/header', 'components', 'forum/account/sessions'], function (header, components, sessions) {
 	var Info = {};

 	Info.init = function () {
 		header.init();
 		handleModerationNote();
-		prepareSessionRevoking();
+		sessions.prepareSessionRevocation();
 	};

 	function handleModerationNote() {
@ -34,36 +34,5 @@ define('forum/account/info', ['forum/account/header', 'components'], function (h
 		});
 	}

-	function prepareSessionRevoking() {
-		components.get('user/sessions').on('click', '[data-action]', function () {
-			var parentEl = $(this).parents('[data-uuid]');
-			var uuid = parentEl.attr('data-uuid');
-
-			if (uuid) {
-				// This is done via DELETE because a user shouldn't be able to
-				// revoke his own session! This is what logout is for
-				$.ajax({
-					url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
-					method: 'delete',
-					headers: {
-						'x-csrf-token': config.csrf_token,
-					},
-				}).done(function () {
-					parentEl.remove();
-				}).fail(function (err) {
-					try {
-						var errorObj = JSON.parse(err.responseText);
-						if (errorObj.loggedIn === false) {
-							window.location.href = config.relative_path + '/login?error=' + errorObj.title;
-						}
-						app.alertError(errorObj.title);
-					} catch (e) {
-						app.alertError('[[error:invalid-data]]');
-					}
-				});
-			}
-		});
-	}
-
 	return Info;
 });
--- a/public/src/client/account/sessions.js
+++ b/public/src/client/account/sessions.js
@ -0,0 +1,44 @@
+'use strict';
+
+
+define('forum/account/sessions', ['forum/account/header', 'components'], function (header, components) {
+	var Sessions = {};
+
+	Sessions.init = function () {
+		header.init();
+		Sessions.prepareSessionRevocation();
+	};
+
+	Sessions.prepareSessionRevocation = function () {
+		components.get('user/sessions').on('click', '[data-action]', function () {
+			var parentEl = $(this).parents('[data-uuid]');
+			var uuid = parentEl.attr('data-uuid');
+
+			if (uuid) {
+				// This is done via DELETE because a user shouldn't be able to
+				// revoke his own session! This is what logout is for
+				$.ajax({
+					url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
+					method: 'delete',
+					headers: {
+						'x-csrf-token': config.csrf_token,
+					},
+				}).done(function () {
+					parentEl.remove();
+				}).fail(function (err) {
+					try {
+						var errorObj = JSON.parse(err.responseText);
+						if (errorObj.loggedIn === false) {
+							window.location.href = config.relative_path + '/login?error=' + errorObj.title;
+						}
+						app.alertError(errorObj.title);
+					} catch (e) {
+						app.alertError('[[error:invalid-data]]');
+					}
+				});
+			}
+		});
+	};
+
+	return Sessions;
+});
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@ -65,6 +65,17 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
 								globalMod: true,
 								admin: true,
 							},
+						}, {
+							id: 'sessions',
+							route: 'sessions',
+							name: '[[pages:account/sessions]]',
+							visibility: {
+								self: true,
+								other: false,
+								moderator: false,
+								globalMod: true,
+								admin: true,
+							},
 						}, {
 							id: 'consent',
 							route: 'consent',
--- a/src/controllers/accounts/sessions.js
+++ b/src/controllers/accounts/sessions.js
@ -4,9 +4,39 @@ var async = require('async');

 var db = require('../../database');
 var user = require('../../user');
+var helpers = require('../helpers');
+var accountHelpers = require('./helpers');

 var sessionController = {};

+sessionController.get = function (req, res, callback) {
+	var userData;
+
+	async.waterfall([
+		function (next) {
+			accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, next);
+		},
+		function (_userData, next) {
+			userData = _userData;
+			if (!userData) {
+				return callback();
+			}
+
+			async.parallel({
+				sessions: async.apply(user.auth.getSessions, userData.uid, req.sessionID),
+			}, next);
+		},
+		function (data) {
+			userData.sessions = data.sessions;
+
+			userData.title = '[[pages:account/sessions]]';
+			userData.breadcrumbs = helpers.buildBreadcrumbs([{ text: userData.username, url: '/user/' + userData.userslug }, { text: '[[pages:account/sessions]]' }]);
+
+			res.render('account/sessions', userData);
+		},
+	], callback);
+};
+
 sessionController.revoke = function (req, res, next) {
 	if (!req.params.hasOwnProperty('uuid')) {
 		return next();
--- a/src/routes/accounts.js
+++ b/src/routes/accounts.js
@ -33,7 +33,7 @@ module.exports = function (app, middleware, controllers) {
 	setupPageRoute(app, '/user/:userslug/uploads', middleware, accountMiddlewares, controllers.accounts.uploads.get);
 	setupPageRoute(app, '/user/:userslug/consent', middleware, accountMiddlewares, controllers.accounts.consent.get);
 	setupPageRoute(app, '/user/:userslug/blocks', middleware, accountMiddlewares, controllers.accounts.blocks.getBlocks);
-
+	setupPageRoute(app, '/user/:userslug/sessions', middleware, accountMiddlewares, controllers.accounts.sessions.get);
 	app.delete('/api/user/:userslug/session/:uuid', [middleware.exposeUid, middleware.ensureSelfOrGlobalPrivilege], controllers.accounts.sessions.revoke);

 	setupPageRoute(app, '/notifications', middleware, [middleware.authenticate], controllers.accounts.notifications.get);