Merge pull request #5529 from overleaf/revert-5484-tm-show-current-session

Revert "Show current session on user sessions page"

GitOrigin-RevId: 80e4c667d96b2016066657dc74d9f27d6b52b6f8
This commit is contained in:
Thomas 2021-10-20 21:03:18 +02:00 committed by Copybot
parent 7996f90c7b
commit 42fa5e28ed
8 changed files with 25 additions and 73 deletions

View file

@ -22,7 +22,6 @@ const { expressify } = require('../../util/promises')
const { const {
acceptsJson, acceptsJson,
} = require('../../infrastructure/RequestContentTypeDetection') } = require('../../infrastructure/RequestContentTypeDetection')
const _ = require('lodash')
async function _sendSecurityAlertClearedSessions(user) { async function _sendSecurityAlertClearedSessions(user) {
const emailOptions = { const emailOptions = {
@ -133,11 +132,7 @@ async function clearSessions(req, res, next) {
'clear-sessions', 'clear-sessions',
user._id, user._id,
req.ip, req.ip,
{ { sessions }
sessions: sessions.map(
session => _.pick(session, ['ip_address', 'session_created']) // omit other session data from log
),
}
) )
await UserSessionsManager.promises.revokeAllUserSessions(user, [ await UserSessionsManager.promises.revokeAllUserSessions(user, [
req.sessionID, req.sessionID,

View file

@ -137,7 +137,10 @@ const UserPagesController = {
sessionsPage(req, res, next) { sessionsPage(req, res, next) {
const user = SessionManager.getSessionUser(req.session) const user = SessionManager.getSessionUser(req.session)
logger.log({ userId: user._id }, 'loading sessions page') logger.log({ userId: user._id }, 'loading sessions page')
UserSessionsManager.getAllUserSessions(user, (err, sessions) => { UserSessionsManager.getAllUserSessions(
user,
[req.sessionID],
(err, sessions) => {
if (err != null) { if (err != null) {
OError.tag(err, 'error getting all user sessions', { OError.tag(err, 'error getting all user sessions', {
userId: user._id, userId: user._id,
@ -146,10 +149,10 @@ const UserPagesController = {
} }
res.render('user/sessions', { res.render('user/sessions', {
title: 'sessions', title: 'sessions',
sessions: sessions.filter(session => session.id !== req.sessionID), sessions,
currentSession: sessions.find(session => session.id === req.sessionID),
})
}) })
}
)
}, },
_restructureThirdPartyIds(user) { _restructureThirdPartyIds(user) {

View file

@ -77,10 +77,6 @@ const UserSessionsManager = {
}, },
getAllUserSessions(user, exclude, callback) { getAllUserSessions(user, exclude, callback) {
if (typeof exclude === 'function') {
callback = exclude
exclude = []
}
exclude = _.map(exclude, UserSessionsManager._sessionKey) exclude = _.map(exclude, UserSessionsManager._sessionKey)
const sessionSetKey = UserSessionsRedis.sessionSetKey(user) const sessionSetKey = UserSessionsRedis.sessionSetKey(user)
rclient.smembers(sessionSetKey, function (err, sessionKeys) { rclient.smembers(sessionSetKey, function (err, sessionKeys) {
@ -98,14 +94,7 @@ const UserSessionsManager = {
Async.mapSeries( Async.mapSeries(
sessionKeys, sessionKeys,
(k, cb) => { (k, cb) => rclient.get(k, cb),
rclient.get(k, (err, res) => {
if (err) {
return cb(err)
}
cb(null, { id: k, data: res })
})
},
function (err, sessions) { function (err, sessions) {
if (err) { if (err) {
OError.tag(err, 'error getting all sessions for user from redis', { OError.tag(err, 'error getting all sessions for user from redis', {
@ -115,18 +104,17 @@ const UserSessionsManager = {
} }
const result = [] const result = []
for (const session of Array.from(sessions)) { for (let session of Array.from(sessions)) {
if (!session) { if (!session) {
continue continue
} }
const sessionData = JSON.parse(session.data) session = JSON.parse(session)
let sessionUser = sessionData.passport && sessionData.passport.user let sessionUser = session.passport && session.passport.user
if (!sessionUser) { if (!sessionUser) {
sessionUser = sessionData.user sessionUser = session.user
} }
result.push({ result.push({
id: session.id.replace('sess:', ''),
ip_address: sessionUser.ip_address, ip_address: sessionUser.ip_address,
session_created: sessionUser.session_created, session_created: sessionUser.session_created,
}) })

View file

@ -9,19 +9,6 @@ block content
.page-header .page-header
h1 #{translate("your_sessions")} h1 #{translate("your_sessions")}
if currentSession
h3 #{translate("current_session")}
div
table.table.table-striped
thead
tr
th #{translate("ip_address")}
th #{translate("session_created_at")}
tr
td #{currentSession.ip_address}
td #{moment(currentSession.session_created).utc().format('Do MMM YYYY, h:mm a')} UTC
h3 #{translate("other_sessions")}
div div
p.small p.small
| !{translate("clear_sessions_description")} | !{translate("clear_sessions_description")}

View file

@ -625,8 +625,6 @@
"clear_sessions_success": "Sessions Cleared", "clear_sessions_success": "Sessions Cleared",
"sessions": "Sessions", "sessions": "Sessions",
"manage_sessions": "Manage Your Sessions", "manage_sessions": "Manage Your Sessions",
"current_session": "Current Session",
"other_sessions": "Other Sessions",
"syntax_validation": "Code check", "syntax_validation": "Code check",
"history": "History", "history": "History",
"joining": "Joining", "joining": "Joining",

View file

@ -74,7 +74,7 @@ describe('UserController', function () {
untrackSession: sinon.stub(), untrackSession: sinon.stub(),
revokeAllUserSessions: sinon.stub().callsArgWith(2, null), revokeAllUserSessions: sinon.stub().callsArgWith(2, null),
promises: { promises: {
getAllUserSessions: sinon.stub().resolves([]), getAllUserSessions: sinon.stub().resolves(),
revokeAllUserSessions: sinon.stub().resolves(), revokeAllUserSessions: sinon.stub().resolves(),
}, },
} }
@ -621,25 +621,6 @@ describe('UserController', function () {
this.UserController.clearSessions(this.req, this.res) this.UserController.clearSessions(this.req, this.res)
}) })
it('should include only relevant session data in the audit log', function (done) {
this.UserSessionsManager.promises.getAllUserSessions.resolves([
{ id: 'session-id', ip_address: 'ip', session_created: 'created' },
])
this.res.sendStatus.callsFake(status => {
this.UserAuditLogHandler.promises.addEntry.callCount.should.equal(1)
const addEntryCall = this.UserAuditLogHandler.promises.addEntry
.lastCall
expect(addEntryCall.args[4].sessions).to.be.instanceOf(Array)
expect(addEntryCall.args[4].sessions[0]).to.have.keys([
'ip_address',
'session_created',
])
expect(addEntryCall.args[4].sessions[0]).to.not.have.keys(['id'])
done()
})
this.UserController.clearSessions(this.req, this.res)
})
}) })
describe('errors', function () { describe('errors', function () {

View file

@ -154,7 +154,7 @@ describe('UserPagesController', function () {
describe('sessionsPage', function () { describe('sessionsPage', function () {
beforeEach(function () { beforeEach(function () {
return this.UserSessionsManager.getAllUserSessions.callsArgWith( return this.UserSessionsManager.getAllUserSessions.callsArgWith(
1, 2,
null, null,
[] []
) )
@ -179,7 +179,7 @@ describe('UserPagesController', function () {
describe('when getAllUserSessions produces an error', function () { describe('when getAllUserSessions produces an error', function () {
beforeEach(function () { beforeEach(function () {
return this.UserSessionsManager.getAllUserSessions.callsArgWith( return this.UserSessionsManager.getAllUserSessions.callsArgWith(
1, 2,
new Error('woops') new Error('woops')
) )
}) })

View file

@ -606,8 +606,8 @@ describe('UserSessionsManager', function () {
it('should get sessions', function (done) { it('should get sessions', function (done) {
return this.call((err, sessions) => { return this.call((err, sessions) => {
expect(sessions).to.deep.equal([ expect(sessions).to.deep.equal([
{ id: 'one', ip_address: 'a', session_created: 'b' }, { ip_address: 'a', session_created: 'b' },
{ id: 'three', ip_address: 'c', session_created: 'd' }, { ip_address: 'c', session_created: 'd' },
]) ])
return done() return done()
}) })