fixing session revocation on account info page

2026-05-07 06:07:28 +02:00 · 2016-10-25 10:58:09 -04:00
parent 0d90279463
commit d002c3eb76
2 changed files with 33 additions and 33 deletions
--- a/public/src/client/account/info.js
+++ b/public/src/client/account/info.js
@@ -2,12 +2,13 @@

 /* globals define, socket, ajaxify, app */

-define('forum/account/info', ['forum/account/header'], function (header) {
+define('forum/account/info', ['forum/account/header', 'components'], function (header, components) {
 	var Info = {};

 	Info.init = function () {
 		header.init();
 		handleModerationNote();
+		prepareSessionRevoking();
 	};

 	function handleModerationNote() {
@@ -22,5 +23,36 @@ define('forum/account/info', ['forum/account/header'], function (header) {
 		});
 	}

+	function prepareSessionRevoking() {
+		components.get('user/sessions').on('click', '[data-action]', function () {
+			var parentEl = $(this).parents('[data-uuid]');
+			var uuid = parentEl.attr('data-uuid');
+
+			if (uuid) {
+				// This is done via DELETE because a user shouldn't be able to
+				// revoke his own session! This is what logout is for
+				$.ajax({
+					url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
+					method: 'delete',
+					headers: {
+						'x-csrf-token': config.csrf_token
+					}
+				}).done(function () {
+					parentEl.remove();
+				}).fail(function (err) {
+					try {
+						var errorObj = JSON.parse(err.responseText);
+						if (errorObj.loggedIn === false) {
+							window.location.href = config.relative_path + '/login?error=' + errorObj.title;
+						}
+						app.alertError(errorObj.title);
+					} catch (e) {
+						app.alertError('[[error:invalid-data]]');
+					}
+				});
+			}
+		});
+	}
+
 	return Info;
 });
--- a/public/src/client/account/settings.js
+++ b/public/src/client/account/settings.js
@@ -43,7 +43,6 @@ define('forum/account/settings', ['forum/account/header', 'components', 'sounds'
 		toggleCustomRoute();

 		components.get('user/sessions').find('.timeago').timeago();
-		prepareSessionRevoking();
 	};

 	function loadSettings() {
@@ -115,36 +114,5 @@ define('forum/account/settings', ['forum/account/header', 'components', 'sounds'
 		}
 	}

-	function prepareSessionRevoking() {
-		components.get('user/sessions').on('click', '[data-action]', function () {
-			var parentEl = $(this).parents('[data-uuid]');
-			var uuid = parentEl.attr('data-uuid');
-
-			if (uuid) {
-				// This is done via DELETE because a user shouldn't be able to
-				// revoke his own session! This is what logout is for
-				$.ajax({
-					url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
-					method: 'delete',
-					headers: {
-						'x-csrf-token': config.csrf_token
-					}
-				}).done(function () {
-					parentEl.remove();
-				}).fail(function (err) {
-					try {
-						var errorObj = JSON.parse(err.responseText);
-						if (errorObj.loggedIn === false) {
-							window.location.href = config.relative_path + '/login?error=' + errorObj.title;
-						}
-						app.alertError(errorObj.title);
-					} catch (e) {
-						app.alertError('[[error:invalid-data]]');
-					}
-				});
-			}
-		});
-	}
-
 	return AccountSettings;
 });