diff options
| author | Rick Batka <rick.batka@gmail.com> | 2017-10-16 23:50:31 -0400 |
|---|---|---|
| committer | Chris <ccbrown112@gmail.com> | 2017-10-16 20:50:31 -0700 |
| commit | 89dc3cb126ba46b486997c433adfdf34982fcc81 (patch) | |
| tree | 57ed40c1c193aeec17cea8ab7f7e52d63e44fad4 /api4/user.go | |
| parent | a649602fc373615665ae2eaec95a4e9063eb699d (diff) | |
| download | chat-89dc3cb126ba46b486997c433adfdf34982fcc81.tar.gz chat-89dc3cb126ba46b486997c433adfdf34982fcc81.tar.bz2 chat-89dc3cb126ba46b486997c433adfdf34982fcc81.zip | |
[PLT-7396] Add the ability to revoke user sessions in System Console > Users #7493 (#7623)
* add endpoint and tests for revoking all sessions for a user
* fix failing test build
Diffstat (limited to 'api4/user.go')
| -rw-r--r-- | api4/user.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index ae1b2418c..07f223bd6 100644 --- a/api4/user.go +++ b/api4/user.go @@ -53,6 +53,7 @@ func (api *API) InitUser() { api.BaseRoutes.User.Handle("/sessions", api.ApiSessionRequired(getSessions)).Methods("GET") api.BaseRoutes.User.Handle("/sessions/revoke", api.ApiSessionRequired(revokeSession)).Methods("POST") + api.BaseRoutes.User.Handle("/sessions/revoke/all", api.ApiSessionRequired(revokeAllSessionsForUser)).Methods("POST") api.BaseRoutes.Users.Handle("/sessions/device", api.ApiSessionRequired(attachDeviceId)).Methods("PUT") api.BaseRoutes.User.Handle("/audits", api.ApiSessionRequired(getUserAudits)).Methods("GET") @@ -986,6 +987,25 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { ReturnStatusOK(w) } +func revokeAllSessionsForUser(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + return + } + + if err := c.App.RevokeAllSessions(c.Params.UserId); err != nil { + c.Err = err + return + } + + ReturnStatusOK(w) +} + func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) |