From d002c3eb76605ef38c97637ad7446828549b1441 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Tue, 25 Oct 2016 10:58:09 -0400
Subject: [PATCH] fixing session revocation on account info page
---
 public/src/client/account/info.js | 34 ++++++++++++++++++++++++++-
 public/src/client/account/settings.js | 32 -------------------------
 2 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/public/src/client/account/info.js b/public/src/client/account/info.js
index 4ee76b21a3..bd7d361d23 100644
--- a/public/src/client/account/info.js
+++ b/public/src/client/account/info.js
@@ -2,12 +2,13 @@
 /* globals define, socket, ajaxify, app */
-define('forum/account/info', ['forum/account/header'], function (header) {
+define('forum/account/info', ['forum/account/header', 'components'], function (header, components) {
 var Info = {};
 Info.init = function () {
 header.init();
 handleModerationNote();
+ prepareSessionRevoking();
 };
 function handleModerationNote() {
@@ -22,5 +23,36 @@ define('forum/account/info', ['forum/account/header'], function (header) {
 });
 }
+ function prepareSessionRevoking() {
+ components.get('user/sessions').on('click', '[data-action]', function () {
+ var parentEl = $(this).parents('[data-uuid]');
+ var uuid = parentEl.attr('data-uuid');
+
+ if (uuid) {
+ // This is done via DELETE because a user shouldn't be able to
+ // revoke his own session! This is what logout is for
+ $.ajax({
+ url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
+ method: 'delete',
+ headers: {
+ 'x-csrf-token': config.csrf_token
+ }
+ }).done(function () {
+ parentEl.remove();
+ }).fail(function (err) {
+ try {
+ var errorObj = JSON.parse(err.responseText);
+ if (errorObj.loggedIn === false) {
+ window.location.href = config.relative_path + '/login?error=' + errorObj.title;
+ }
+ app.alertError(errorObj.title);
+ } catch (e) {
+ app.alertError('[[error:invalid-data]]');
+ }
+ });
+ }
+ });
+ }
+
 return Info;
 });
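Review bot: In the `.fail` handler of the added `prepareSessionRevoking`, `errorObj.title` comes from the response body and is appended to the login URL unencoded, so a title containing `&`, `#` or whitespace can truncate the message or introduce extra query parameters on the login page. Encode it and stop there: `window.location.href = config.relative_path + '/login?error=' + encodeURIComponent(errorObj.title); return;`, which also avoids calling `app.alertError` on a page that is already navigating away. The DELETE URL is built the same way from `ajaxify.data.userslug` and the `data-uuid` attribute, and both path segments would be safer wrapped in `encodeURIComponent`. Because this handler now runs on the account info page, which may be rendered for an account other than the viewer's, the route has to authorise the caller against `userslug` on the server; that check is not visible in this diff. The copied comment about DELETE does not actually explain the choice of verb and would read better as `// Revokes another session of this account; ending the current session is handled by logout`.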
diff --git a/public/src/client/account/settings.js b/public/src/client/account/settings.js
index 6410267795..b2220d69a2 100644
--- a/public/src/client/account/settings.js
+++ b/public/src/client/account/settings.js
@@ -43,7 +43,6 @@ define('forum/account/settings', ['forum/account/header', 'components', 'sounds'
 toggleCustomRoute();
 components.get('user/sessions').find('.timeago').timeago();
- prepareSessionRevoking();
 };
 function loadSettings() {
@@ -115,36 +114,5 @@ define('forum/account/settings', ['forum/account/header', 'components', 'sounds'
 }
 }
- function prepareSessionRevoking() {
- components.get('user/sessions').on('click', '[data-action]', function () {
- var parentEl = $(this).parents('[data-uuid]');
- var uuid = parentEl.attr('data-uuid');
-
- if (uuid) {
- // This is done via DELETE because a user shouldn't be able to
- // revoke his own session! This is what logout is for
- $.ajax({
- url: config.relative_path + '/api/user/' + ajaxify.data.userslug + '/session/' + uuid,
- method: 'delete',
- headers: {
- 'x-csrf-token': config.csrf_token
- }
- }).done(function () {
- parentEl.remove();
- }).fail(function (err) {
- try {
- var errorObj = JSON.parse(err.responseText);
- if (errorObj.loggedIn === false) {
- window.location.href = config.relative_path + '/login?error=' + errorObj.title;
- }
- app.alertError(errorObj.title);
- } catch (e) {
- app.alertError('[[error:invalid-data]]');
- }
- });
- }
- });
- }
-
 return AccountSettings;
 });