From 4e7dbc3bb0e93bafa684594b19c5648dc030ee17 Mon Sep 17 00:00:00 2001
From: Ruzette Tanyag
Date: Fri, 17 Feb 2017 10:31:01 -0500
Subject: Implement user sessions endpoints for APIv4 (#5449)
* added get session and revoke session endpoints, unittests and drivers
* removed BasicUser2 and added teardown
* added badrequest unit test case for sessions
* added session loop to check if user id and session user id matches
* fixed indentation issues for user_test
* match indentation from spaces to tabs
---
 api4/user.go | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
(limited to 'api4/user.go')
diff --git a/api4/user.go b/api4/user.go
index e394b9661..5337cedf0 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -34,6 +34,9 @@ func InitUser() {
 BaseRoutes.UserByUsername.Handle("", ApiSessionRequired(getUserByUsername)).Methods("GET")
 BaseRoutes.UserByEmail.Handle("", ApiSessionRequired(getUserByEmail)).Methods("GET")
+ BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET")
+ BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST")
+
 }
 func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -476,3 +479,53 @@ func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
 ReturnStatusOK(w)
 }
+
+func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ if sessions, err := app.GetSessions(c.Params.UserId); err != nil {
+ c.Err = err
+ return
+ } else {
+ for _, session := range sessions {
+ session.Sanitize()
+ }
+
+ w.Write([]byte(model.SessionsToJson(sessions)))
+ return
+ }
+}
+
+func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ props := model.MapFromJson(r.Body)
+ sessionId := props["session_id"]
+
+ if sessionId == "" {
+ c.SetInvalidParam("session_id")
+ }
+
+ if err := app.RevokeSessionById(sessionId); err != nil {
+ c.Err = err
+ return
+ }
+
+ ReturnStatusOK(w)
+}
\ No newline at end of file
--
cgit v1.2.3-1-g7c22
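Review bot: In `revokeSession` the permission check covers `c.Params.UserId`, but the session that is revoked is selected by the `session_id` in the request body, and nothing visible ties that session to the user named in the URL. `app.RevokeSessionById` receives only the id, so unless it checks ownership internally (its body is not in this hunk), a caller authorised for one user could end a session that belongs to another. The `if sessionId == ""` branch also has no `return` after `c.SetInvalidParam("session_id")`, so an empty id still reaches `app.RevokeSessionById`. One possible shape for both fixes, reusing `app.GetSessions` as `getSessions` does, is below; it assumes the session struct exposes an `Id` field, which this hunk does not show.

```go
	sessionId := props["session_id"]

	if sessionId == "" {
		c.SetInvalidParam("session_id")
		return
	}

	// Only revoke a session that belongs to the user the caller was authorised for.
	sessions, err := app.GetSessions(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}

	owned := false
	for _, session := range sessions {
		if session.Id == sessionId {
			owned = true
			break
		}
	}
	if !owned {
		c.SetInvalidParam("session_id")
		return
	}

	// … unchanged: app.RevokeSessionById call and ReturnStatusOK …
```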