Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-03-18 00:19:49 +01:00
Code Issues Projects Releases Wiki Activity

feat: show deleted user sessions (#8749)

Browse Source
This commit is contained in:
Mateusz Kwasniewski 2024-11-14 10:30:31 +01:00 committed by GitHub
parent ec9be77383
commit 4fabf49706
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 126 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
frontend/src/component/user/HostedAuth.tsx
View File

@ -12,6 +12,7 @@ import { LOGIN_BUTTON, LOGIN_EMAIL_ID, LOGIN_PASSWORD_ID } from 'utils/testIds';
import type { IAuthEndpointDetailsResponse } from 'hooks/api/getters/useAuth/useAuthEndpoint'; import type { IAuthEndpointDetailsResponse } from 'hooks/api/getters/useAuth/useAuthEndpoint';
import { BadRequestError, NotFoundError } from 'utils/apiUtils'; import { BadRequestError, NotFoundError } from 'utils/apiUtils';
import { contentSpacingY } from 'themes/themeStyles'; import { contentSpacingY } from 'themes/themeStyles';
import useToast from 'hooks/useToast';
interface IHostedAuthProps { interface IHostedAuthProps {
authDetails: IAuthEndpointDetailsResponse; authDetails: IAuthEndpointDetailsResponse;
@ -47,6 +48,7 @@ const HostedAuth: VFC<IHostedAuthProps> = ({ authDetails, redirect }) => {
passwordError?: string; passwordError?: string;
apiError?: string; apiError?: string;
}>({}); }>({});
const { setToastData } = useToast();
const handleSubmit: FormEventHandler<HTMLFormElement> = async (evt) => { const handleSubmit: FormEventHandler<HTMLFormElement> = async (evt) => {
evt.preventDefault(); evt.preventDefault();
@ -69,7 +71,18 @@ const HostedAuth: VFC<IHostedAuthProps> = ({ authDetails, redirect }) => {
} }
try { try {
await passwordAuth(authDetails.path, username, password); const data = await passwordAuth(
authDetails.path,
username,
password,
);
if (data.deletedSessions && data.activeSessions) {
setToastData({
type: 'success',
title: 'Maximum Session Limit Reached',
text: `You can have up to ${data.activeSessions} active sessions at a time. To allow this login, weve logged out ${data.deletedSessions} session(s) from other browsers.`,
});
}
refetchUser(); refetchUser();
navigate(redirect, { replace: true }); navigate(redirect, { replace: true });
} catch (error: any) { } catch (error: any) {

16
frontend/src/component/user/PasswordAuth.tsx
View File

@ -17,6 +17,7 @@ import {
NotFoundError, NotFoundError,
} from 'utils/apiUtils'; } from 'utils/apiUtils';
import { contentSpacingY } from 'themes/themeStyles'; import { contentSpacingY } from 'themes/themeStyles';
import useToast from 'hooks/useToast';
interface IPasswordAuthProps { interface IPasswordAuthProps {
authDetails: IAuthEndpointDetailsResponse; authDetails: IAuthEndpointDetailsResponse;
@ -46,6 +47,7 @@ const PasswordAuth: VFC<IPasswordAuthProps> = ({ authDetails, redirect }) => {
passwordError?: string; passwordError?: string;
apiError?: string; apiError?: string;
}>({}); }>({});
const { setToastData } = useToast();
const handleSubmit: FormEventHandler<HTMLFormElement> = async (evt) => { const handleSubmit: FormEventHandler<HTMLFormElement> = async (evt) => {
evt.preventDefault(); evt.preventDefault();
@ -68,7 +70,19 @@ const PasswordAuth: VFC<IPasswordAuthProps> = ({ authDetails, redirect }) => {
} }
try { try {
await passwordAuth(authDetails.path, username, password); const data = await passwordAuth(
authDetails.path,
username,
password,
);
if (data.deletedSessions && data.activeSessions) {
setToastData({
type: 'success',
title: 'Maximum Session Limit Reached',
text: `You can have up to ${data.activeSessions} active sessions at a time. To allow this login, weve logged out ${data.deletedSessions} session(s) from other browsers.`,
});
}
refetchUser(); refetchUser();
navigate(redirect, { replace: true }); navigate(redirect, { replace: true });
} catch (error: any) { } catch (error: any) {

14
frontend/src/hooks/api/actions/useAuthApi/useAuthApi.tsx
View File

@ -1,11 +1,12 @@
import { headers } from 'utils/apiUtils'; import { headers } from 'utils/apiUtils';
import useAPI from '../useApi/useApi'; import useAPI from '../useApi/useApi';
import type { UserSchema } from 'openapi';
type PasswordLogin = ( type PasswordLogin = (
path: string, path: string,
username: string, username: string,
password: string, password: string,
) => Promise<Response>; ) => Promise<UserSchema>;
type EmailLogin = (path: string, email: string) => Promise<Response>; type EmailLogin = (path: string, email: string) => Promise<Response>;
@ -21,7 +22,11 @@ export const useAuthApi = (): IUseAuthApiOutput => {
propagateErrors: true, propagateErrors: true,
}); });
const passwordAuth = (path: string, username: string, password: string) => { const passwordAuth = async (
path: string,
username: string,
password: string,
): Promise<UserSchema> => {
const req = { const req = {
caller: () => { caller: () => {
return fetch(path, { return fetch(path, {
@ -33,7 +38,10 @@ export const useAuthApi = (): IUseAuthApiOutput => {
id: 'passwordAuth', id: 'passwordAuth',
}; };
return makeRequest(req.caller, req.id); const res = await makeRequest(req.caller, req.id);
const data = await res.json();
return data;
}; };
const emailAuth = (path: string, email: string) => { const emailAuth = (path: string, email: string) => {

2
frontend/src/openapi/models/userSchema.ts
View File

@ -59,4 +59,6 @@ export interface UserSchema {
* @nullable * @nullable
*/ */
username?: string | null; username?: string | null;
deletedSessions?: number;
activeSessions?: number;
} }

6
src/lib/openapi/spec/user-schema.ts
View File

@ -105,6 +105,12 @@ export const userSchema = {
nullable: true, nullable: true,
example: 2, example: 2,
}, },
deletedSessions: {
description:
'Experimental. The number of deleted browser sessions after last login',
type: 'number',
example: 1,
},
}, },
components: {}, components: {},
} as const; } as const;

3
src/lib/services/session-service.ts
View File

@ -36,7 +36,7 @@ export default class SessionService {
async deleteStaleSessionsForUser( async deleteStaleSessionsForUser(
userId: number, userId: number,
maxSessions: number, maxSessions: number,
): Promise<void> { ): Promise<number> {
const userSessions: ISession[] = const userSessions: ISession[] =
await this.sessionStore.getSessionsForUser(userId); await this.sessionStore.getSessionsForUser(userId);
const newestFirst = userSessions.sort((a, b) => const newestFirst = userSessions.sort((a, b) =>
@ -48,6 +48,7 @@ export default class SessionService {
this.sessionStore.delete(session.sid), this.sessionStore.delete(session.sid),
), ),
); );
return sessionsToDelete.length;
} }
async deleteSession(sid: string): Promise<void> { async deleteSession(sid: string): Promise<void> {

11
src/lib/services/user-service.ts
View File

@ -425,10 +425,13 @@ class UserService {
deleteStaleUserSessions.payload?.value || 30, deleteStaleUserSessions.payload?.value || 30,
); );
// subtract current user session that will be created // subtract current user session that will be created
await this.sessionService.deleteStaleSessionsForUser( const deletedSessionsCount =
user.id, await this.sessionService.deleteStaleSessionsForUser(
Math.max(allowedSessions - 1, 0), user.id,
); Math.max(allowedSessions - 1, 0),
);
user.deletedSessions = deletedSessionsCount;
user.activeSessions = allowedSessions;
} }
this.eventBus.emit(USER_LOGIN, { loginOrder }); this.eventBus.emit(USER_LOGIN, { loginOrder });
return user; return user;

2
src/lib/types/user.ts
View File

@ -31,6 +31,8 @@ export interface IUser {
imageUrl?: string; imageUrl?: string;
accountType?: AccountType; accountType?: AccountType;
scimId?: string; scimId?: string;
deletedSessions?: number;
activeSessions?: number;
} }
export type MinimalUser = Pick< export type MinimalUser = Pick<

76
src/test/e2e/services/user-service.e2e.test.ts
View File

@ -18,6 +18,7 @@ import PasswordMismatch from '../../../lib/error/password-mismatch';
import type { EventService } from '../../../lib/services'; import type { EventService } from '../../../lib/services';
import { import {
CREATE_ADDON, CREATE_ADDON,
type IFlagResolver,
type IUnleashStores, type IUnleashStores,
type IUserStore, type IUserStore,
SYSTEM_USER_AUDIT, SYSTEM_USER_AUDIT,
@ -45,6 +46,8 @@ let eventService: EventService;
let accessService: AccessService; let accessService: AccessService;
let eventBus: EventEmitter; let eventBus: EventEmitter;
const allowedSessions = 2;
beforeAll(async () => { beforeAll(async () => {
db = await dbInit('user_service_serial', getLogger); db = await dbInit('user_service_serial', getLogger);
stores = db.stores; stores = db.stores;
@ -63,14 +66,31 @@ beforeAll(async () => {
sessionService = new SessionService(stores, config); sessionService = new SessionService(stores, config);
settingService = new SettingService(stores, config, eventService); settingService = new SettingService(stores, config, eventService);
userService = new UserService(stores, config, { const flagResolver = {
accessService, isEnabled() {
resetTokenService, return true;
emailService, },
eventService, getVariant() {
sessionService, return {
settingService, feature_enabled: true,
}); payload: {
value: String(allowedSessions),
},
};
},
} as unknown as IFlagResolver;
userService = new UserService(
stores,
{ ...config, flagResolver },
{
accessService,
resetTokenService,
emailService,
eventService,
sessionService,
settingService,
},
);
userStore = stores.userStore; userStore = stores.userStore;
const rootRoles = await accessService.getRootRoles(); const rootRoles = await accessService.getRootRoles();
adminRole = rootRoles.find((r) => r.name === RoleName.ADMIN)!; adminRole = rootRoles.find((r) => r.name === RoleName.ADMIN)!;
@ -95,8 +115,9 @@ afterAll(async () => {
await db.destroy(); await db.destroy();
}); });
afterEach(async () => { beforeEach(async () => {
await userStore.deleteAll(); await userStore.deleteAll();
await settingService.deleteAll();
}); });
test('should create initial admin user', async () => { test('should create initial admin user', async () => {
@ -361,6 +382,43 @@ test("deleting a user should delete the user's sessions", async () => {
expect(noSessions.length).toBe(0); expect(noSessions.length).toBe(0);
}); });
test('user login should remove stale sessions', async () => {
const email = 'some@test.com';
const user = await userService.createUser(
{
email,
password: 'A very strange P4ssw0rd_',
rootRole: adminRole.id,
},
TEST_AUDIT_USER,
);
const userSession = (index: number) => ({
sid: `sid${index}`,
sess: {
cookie: {
originalMaxAge: minutesToMilliseconds(48),
expires: addDays(Date.now(), 1).toDateString(),
secure: false,
httpOnly: true,
path: '/',
},
user,
},
});
for (let i = 0; i < allowedSessions; i++) {
await sessionService.insertSession(userSession(i));
}
const loggedInUser = await userService.loginUser(
email,
'A very strange P4ssw0rd_',
);
expect(loggedInUser.deletedSessions).toBe(1);
expect(loggedInUser.activeSessions).toBe(allowedSessions);
});
test('updating a user without an email should not strip the email', async () => { test('updating a user without an email should not strip the email', async () => {
const email = 'some@test.com'; const email = 'some@test.com';
const user = await userService.createUser( const user = await userService.createUser(