src/user/auth.js

'use strict';

const winston = require('winston');
const validator = require('validator');
const util = require('util');
const _ = require('lodash');
const db = require('../database');
const meta = require('../meta');
const events = require('../events');
const batch = require('../batch');
const utils = require('../utils');

module.exports = function (User) {
	User.auth = {};

	User.auth.logAttempt = async function (uid, ip) {
		if (!(parseInt(uid, 10) > 0)) {
			return;
		}
		const exists = await db.exists(`lockout:${uid}`);
		if (exists) {
			throw new Error('[[error:account-locked]]');
		}
		const attempts = await db.increment(`loginAttempts:${uid}`);
		if (attempts <= meta.config.loginAttempts) {
			return await db.pexpire(`loginAttempts:${uid}`, 1000 * 60 * 60);
		}
		// Lock out the account
		await db.set(`lockout:${uid}`, '');
		const duration = 1000 * 60 * meta.config.lockoutDuration;

		await db.delete(`loginAttempts:${uid}`);
		await db.pexpire(`lockout:${uid}`, duration);
		await events.log({
			type: 'account-locked',
			uid: uid,
			ip: ip,
		});
		throw new Error('[[error:account-locked]]');
	};

	User.auth.getFeedToken = async function (uid) {
		if (!(parseInt(uid, 10) > 0)) {
			return;
		}
		const _token = await db.getObjectField(`user:${uid}`, 'rss_token');
		const token = _token || utils.generateUUID();
		if (!_token) {
			await User.setUserField(uid, 'rss_token', token);
		}
		return token;
	};

	User.auth.clearLoginAttempts = async function (uid) {
		await db.delete(`loginAttempts:${uid}`);
	};

	User.auth.resetLockout = async function (uid) {
		await db.deleteAll([
			`loginAttempts:${uid}`,
			`lockout:${uid}`,
		]);
	};

	const getSessionFromStore = util.promisify(
		(sid, callback) => db.sessionStore.get(sid, (err, sessObj) => callback(err, sessObj || null))
	);
	const sessionStoreDestroy = util.promisify(
		(sid, callback) => db.sessionStore.destroy(sid, err => callback(err))
	);

	User.auth.getSessions = async function (uid, curSessionId) {
		await cleanExpiredSessions(uid);
		const sids = await db.getSortedSetRevRange(`uid:${uid}:sessions`, 0, 19);
		let sessions = await Promise.all(sids.map(sid => getSessionFromStore(sid)));
		sessions = sessions.map((sessObj, idx) => {
			if (sessObj && sessObj.meta) {
				sessObj.meta.current = curSessionId === sids[idx];
				sessObj.meta.datetimeISO = new Date(sessObj.meta.datetime).toISOString();
				sessObj.meta.ip = validator.escape(String(sessObj.meta.ip));
			}
			return sessObj && sessObj.meta;
		}).filter(Boolean);
		return sessions;
	};

	async function cleanExpiredSessions(uid) {
		const uuidMapping = await db.getObject(`uid:${uid}:sessionUUID:sessionId`);
		if (!uuidMapping) {
			return;
		}
		const expiredUUIDs = [];
		const expiredSids = [];
		await Promise.all(Object.keys(uuidMapping).map(async (uuid) => {
			const sid = uuidMapping[uuid];
			const sessionObj = await getSessionFromStore(sid);
			const expired = !sessionObj || !sessionObj.hasOwnProperty('passport') ||
				!sessionObj.passport.hasOwnProperty('user') ||
				parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);
			if (expired) {
				expiredUUIDs.push(uuid);
				expiredSids.push(sid);
			}
		}));
		await db.deleteObjectFields(`uid:${uid}:sessionUUID:sessionId`, expiredUUIDs);
		await db.sortedSetRemove(`uid:${uid}:sessions`, expiredSids);
	}

	User.auth.addSession = async function (uid, sessionId, uuid) {
		if (!(parseInt(uid, 10) > 0)) {
			return;
		}
		await cleanExpiredSessions(uid);
		await Promise.all([
			db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId),
			db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, sessionId),
		]);
		await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
	};

	async function revokeSessionsAboveThreshold(uid, maxUserSessions) {
		const activeSessions = await db.getSortedSetRange(`uid:${uid}:sessions`, 0, -1);
		if (activeSessions.length > maxUserSessions) {
			const sessionsToRevoke = activeSessions.slice(0, activeSessions.length - maxUserSessions);
			await Promise.all(sessionsToRevoke.map(sessionId => User.auth.revokeSession(sessionId, uid)));
		}
	}

	User.auth.revokeSession = async function (sessionId, uid) {
		winston.verbose(`[user.auth] Revoking session ${sessionId} for user ${uid}`);
		const sessionObj = await getSessionFromStore(sessionId);
		if (sessionObj && sessionObj.meta && sessionObj.meta.uuid) {
			await db.deleteObjectField(`uid:${uid}:sessionUUID:sessionId`, sessionObj.meta.uuid);
		}
		await Promise.all([
			db.sortedSetRemove(`uid:${uid}:sessions`, sessionId),
			sessionStoreDestroy(sessionId),
		]);
	};

	User.auth.revokeAllSessions = async function (uids, except) {
		uids = Array.isArray(uids) ? uids : [uids];
		const sids = await db.getSortedSetsMembers(uids.map(uid => `uid:${uid}:sessions`));
		const promises = [];
		uids.forEach((uid, index) => {
			const ids = sids[index].filter(id => id !== except);
			if (ids.length) {
				promises.push(ids.map(s => User.auth.revokeSession(s, uid)));
			}
		});
		await Promise.all(promises);
	};

	User.auth.deleteAllSessions = async function () {
		await batch.processSortedSet('users:joindate', async (uids) => {
			const sessionKeys = uids.map(uid => `uid:${uid}:sessions`);
			const sessionUUIDKeys = uids.map(uid => `uid:${uid}:sessionUUID:sessionId`);
			const sids = _.flatten(await db.getSortedSetRange(sessionKeys, 0, -1));

			await Promise.all([
				db.deleteAll(sessionKeys.concat(sessionUUIDKeys)),
				...sids.map(sid => sessionStoreDestroy(sid)),
			]);
		}, { batch: 1000 });
	};
};
closes #1911 2014-07-29 00:42:33 -04:00			`'use strict';`

refactor: async/await 2019-10-03 23:31:42 -04:00			`const winston = require('winston');`
			`const validator = require('validator');`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`const util = require('util');`
			`const _ = require('lodash');`
refactor: async/await 2019-10-03 23:31:42 -04:00			`const db = require('../database');`
			`const meta = require('../meta');`
			`const events = require('../events');`
			`const batch = require('../batch');`
			`const utils = require('../utils');`
closed #1453 2014-05-11 11:45:20 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`module.exports = function (User) {`
closed #1453 2014-05-11 11:45:20 -04:00			`User.auth = {};`

feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.logAttempt = async function (uid, ip) {`
fix: logAttempt conditional 2018-12-10 14:40:11 -05:00			`if (!(parseInt(uid, 10) > 0)) {`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`return;`
on login display invalid-login-credentials 2017-04-24 13:31:38 -04:00			`}`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const exists = await db.exists(`lockout:${uid}`);
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`if (exists) {`
			`throw new Error('[[error:account-locked]]');`
			`}`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const attempts = await db.increment(`loginAttempts:${uid}`);
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`if (attempts <= meta.config.loginAttempts) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			return await db.pexpire(`loginAttempts:${uid}`, 1000 * 60 * 60);
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`}`
			`// Lock out the account`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			await db.set(`lockout:${uid}`, '');
refactor: async/await 2019-10-03 23:31:42 -04:00			`const duration = 1000 * 60 * meta.config.lockoutDuration;`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			await db.delete(`loginAttempts:${uid}`);
			await db.pexpire(`lockout:${uid}`, duration);
performance improvements (#8795) * perf: nconf/winston/render cache nconf.get calls modify middleware.pageView to call next earlier don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669 translate header/footer separately and cache results for guests * fix: copy paste fail * refactor: style and fire hook only log in dev mode * fix: cache key, header changes based on template * perf: change replace * fix: add missing await * perf: category * perf: lodash clone * perf: remove escapeRegexChars 2020-10-26 10:43:18 -04:00			`await events.log({`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`type: 'account-locked',`
			`uid: uid,`
			`ip: ip,`
			`});`
			`throw new Error('[[error:account-locked]]');`
closed #1453 2014-05-11 11:45:20 -04:00			`};`

feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.getFeedToken = async function (uid) {`
			`if (!(parseInt(uid, 10) > 0)) {`
			`return;`
			`}`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const _token = await db.getObjectField(`user:${uid}`, 'rss_token');
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`const token = _token \|\| utils.generateUUID();`
			`if (!_token) {`
			`await User.setUserField(uid, 'rss_token', token);`
proof of concept for #5740 2017-06-20 16:12:55 -04:00			`}`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`return token;`
proof of concept for #5740 2017-06-20 16:12:55 -04:00			`};`

feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.clearLoginAttempts = async function (uid) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			await db.delete(`loginAttempts:${uid}`);
closed #1453 2014-05-11 11:45:20 -04:00			`};`
closes #1971 2014-08-14 08:34:38 -04:00
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.resetLockout = async function (uid) {`
			`await db.deleteAll([`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			`loginAttempts:${uid}`,
			`lockout:${uid}`,
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`]);`
all your semi-colons are belongs to me 2014-10-08 12:18:32 -04:00			`};`
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989 2015-12-23 10:48:45 -05:00
chore: eslint max-len 2021-02-04 02:07:29 -07:00			`const getSessionFromStore = util.promisify(`
			`(sid, callback) => db.sessionStore.get(sid, (err, sessObj) => callback(err, sessObj \|\| null))`
			`);`
			`const sessionStoreDestroy = util.promisify(`
			`(sid, callback) => db.sessionStore.destroy(sid, err => callback(err))`
			`);`
refactor: async/await 2019-10-03 23:31:42 -04:00
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.getSessions = async function (uid, curSessionId) {`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`await cleanExpiredSessions(uid);`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const sids = await db.getSortedSetRevRange(`uid:${uid}:sessions`, 0, 19);
refactor: async/await 2019-10-03 23:31:42 -04:00			`let sessions = await Promise.all(sids.map(sid => getSessionFromStore(sid)));`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`sessions = sessions.map((sessObj, idx) => {`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`if (sessObj && sessObj.meta) {`
			`sessObj.meta.current = curSessionId === sids[idx];`
			`sessObj.meta.datetimeISO = new Date(sessObj.meta.datetime).toISOString();`
			`sessObj.meta.ip = validator.escape(String(sessObj.meta.ip));`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`}`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`return sessObj && sessObj.meta;`
			`}).filter(Boolean);`
			`return sessions;`
			`};`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`async function cleanExpiredSessions(uid) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const uuidMapping = await db.getObject(`uid:${uid}:sessionUUID:sessionId`);
fix: tests, handle no sessions 2020-05-16 22:17:20 -04:00			`if (!uuidMapping) {`
			`return;`
			`}`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`const expiredUUIDs = [];`
refactor: async/await 2019-10-03 23:31:42 -04:00			`const expiredSids = [];`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`await Promise.all(Object.keys(uuidMapping).map(async (uuid) => {`
			`const sid = uuidMapping[uuid];`
			`const sessionObj = await getSessionFromStore(sid);`
refactor: async/await 2019-10-03 23:31:42 -04:00			`const expired = !sessionObj \|\| !sessionObj.hasOwnProperty('passport') \|\|`
refactor: tab rules 2021-11-18 16:42:18 -05:00			`!sessionObj.passport.hasOwnProperty('user') \|\|`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);`
			`if (expired) {`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`expiredUUIDs.push(uuid);`
			`expiredSids.push(sid);`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`}`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`}));`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			await db.deleteObjectFields(`uid:${uid}:sessionUUID:sessionId`, expiredUUIDs);
			await db.sortedSetRemove(`uid:${uid}:sessions`, expiredSids);
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`}`
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989 2015-12-23 10:48:45 -05:00
fix: move database call used to associate a NodeBB session UUID to its express session id into user.auth.addSession, which is the only time it is called 2023-09-11 14:22:04 -04:00			`User.auth.addSession = async function (uid, sessionId, uuid) {`
fix: dont save data for non-positive uids 2018-12-14 00:09:15 -05:00			`if (!(parseInt(uid, 10) > 0)) {`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`return;`
fix: dont save data for non-positive uids 2018-12-14 00:09:15 -05:00			`}`
fix: #8318, clean expired sessions on login and get 2020-05-16 20:20:47 -04:00			`await cleanExpiredSessions(uid);`
fix: move database call used to associate a NodeBB session UUID to its express session id into user.auth.addSession, which is the only time it is called 2023-09-11 14:22:04 -04:00			`await Promise.all([`
			db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId),
			db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, sessionId),
			`]);`
fix: #9007 revoke old sessions after adding 2020-11-30 15:05:26 -05:00			`await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);`
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989 2015-12-23 10:48:45 -05:00			`};`

feat: revoke user sessions above threshold (#8731) * feat: revoke user sessions above threshold * fix: removed translations from en-US * fix: defined default maxUserSessions in install\data\defaults.json 2020-10-08 23:33:18 +02:00			`async function revokeSessionsAboveThreshold(uid, maxUserSessions) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const activeSessions = await db.getSortedSetRange(`uid:${uid}:sessions`, 0, -1);
feat: revoke user sessions above threshold (#8731) * feat: revoke user sessions above threshold * fix: removed translations from en-US * fix: defined default maxUserSessions in install\data\defaults.json 2020-10-08 23:33:18 +02:00			`if (activeSessions.length > maxUserSessions) {`
			`const sessionsToRevoke = activeSessions.slice(0, activeSessions.length - maxUserSessions);`
			`await Promise.all(sessionsToRevoke.map(sessionId => User.auth.revokeSession(sessionId, uid)));`
			`}`
			`}`

feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.revokeSession = async function (sessionId, uid) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			winston.verbose(`[user.auth] Revoking session ${sessionId} for user ${uid}`);
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`const sessionObj = await getSessionFromStore(sessionId);`
			`if (sessionObj && sessionObj.meta && sessionObj.meta.uuid) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			await db.deleteObjectField(`uid:${uid}:sessionUUID:sessionId`, sessionObj.meta.uuid);
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`}`
refactor: async/await 2019-10-03 23:31:42 -04:00			`await Promise.all([`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			db.sortedSetRemove(`uid:${uid}:sessions`, sessionId),
refactor: async/await 2019-10-03 23:31:42 -04:00			`sessionStoreDestroy(sessionId),`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`]);`
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989 2015-12-23 10:48:45 -05:00			`};`

feat: allow revokeAllSessions method to revoke all sessions except that which is passed in (new arg) 2021-07-28 14:50:00 -04:00			`User.auth.revokeAllSessions = async function (uids, except) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`uids = Array.isArray(uids) ? uids : [uids];`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const sids = await db.getSortedSetsMembers(uids.map(uid => `uid:${uid}:sessions`));
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`const promises = [];`
			`uids.forEach((uid, index) => {`
feat: allow revokeAllSessions method to revoke all sessions except that which is passed in (new arg) 2021-07-28 14:50:00 -04:00			`const ids = sids[index].filter(id => id !== except);`
			`if (ids.length) {`
			`promises.push(ids.map(s => User.auth.revokeSession(s, uid)));`
			`}`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`});`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`await Promise.all(promises);`
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <julian@designcreateplay.com> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <julian@designcreateplay.com> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989 2015-12-23 10:48:45 -05:00			`};`
closes #4544 2016-12-15 14:47:42 +03:00
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`User.auth.deleteAllSessions = async function () {`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`await batch.processSortedSet('users:joindate', async (uids) => {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const sessionKeys = uids.map(uid => `uid:${uid}:sessions`);
			const sessionUUIDKeys = uids.map(uid => `uid:${uid}:sessionUUID:sessionId`);
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`const sids = _.flatten(await db.getSortedSetRange(sessionKeys, 0, -1));`
refactor: async/await 2019-10-03 23:31:42 -04:00
refactor: remove log, topics.exists 2019-10-04 19:19:01 -04:00			`await Promise.all([`
refactor: async/await 2019-10-03 23:31:42 -04:00			`db.deleteAll(sessionKeys.concat(sessionUUIDKeys)),`
			`...sids.map(sid => sessionStoreDestroy(sid)),`
refactor: remove log, topics.exists 2019-10-04 19:19:01 -04:00			`]);`
feat: #7743, user/approval, user/auth 2019-07-11 23:43:00 -04:00			`}, { batch: 1000 });`
closes #4544 2016-12-15 14:47:42 +03:00			`};`
ESlint eol-last 2017-02-18 02:30:48 -07:00			`};`