fix #4638 - add Logout Everywhere option to User Profile

2024-09-20 15:18:25 -04:00
parent 8cdcdaf6d9
commit b7928a5255
12 changed files with 85 additions and 18 deletions
--- a/Oqtane.Client/Modules/Admin/Login/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Login/Index.razor
@ -209,7 +209,7 @@ else

                if (user != null && user.IsAuthenticated)
                {
-                    await logger.LogInformation(LogFunction.Security, "Login Successful For Username {Username}", _username);
+                    await logger.LogInformation(LogFunction.Security, "Login Successful For {Username} From IP Address {IPAddress}", _username, SiteState.RemoteIPAddress);

                    // return url is not specified if user navigated directly to login page
                    var returnurl = (!string.IsNullOrEmpty(PageState.ReturnUrl)) ? PageState.ReturnUrl : PageState.Alias.Path;
--- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
+++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
@ -9,6 +9,8 @@
@inject INotificationService NotificationService
@inject IFileService FileService
@inject IFolderService FolderService
+@inject IJSRuntime jsRuntime
+@inject IServiceProvider ServiceProvider
@inject IStringLocalizer<Index> Localizer
@inject IStringLocalizer<SharedResources> SharedLocalizer

@ -84,6 +86,7 @@
            <br />
            <button type="button" class="btn btn-success" @onclick="Save">@SharedLocalizer["Save"]</button>
            <button type="button" class="btn btn-secondary" @onclick="Cancel">@SharedLocalizer["Cancel"]</button>
+            <button type="button" class="btn btn-danger" @onclick="Logout">@Localizer["Logout Everywhere"]</button>
        </TabPanel>
        <TabPanel Name="Profile" ResourceKey="Profile">
            <div class="container">
@ -518,6 +521,32 @@
        }
    }

+    private async Task Logout()
+    {
+        await logger.LogInformation("User Logout Everywhere For Username {Username}", PageState.User?.Username);
+
+        var url = NavigateUrl(""); // home page
+
+        if (PageState.Runtime == Shared.Runtime.Hybrid)
+        {
+            if (PageState.User != null)
+            {
+                // hybrid apps utilize an interactive logout
+                await UserService.LogoutUserEverywhereAsync(PageState.User);
+                var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
+                authstateprovider.NotifyAuthenticationChanged();
+                NavigationManager.NavigateTo(url, true);
+            }
+        }
+        else
+        {
+            // post to the Logout page to complete the logout process
+            var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, returnurl = url, everywhere = true };
+            var interop = new Interop(jsRuntime);
+            await interop.SubmitForm(Utilities.TenantUrl(PageState.Alias, "/pages/logout/"), fields);
+        }
+    }
+
    private bool ValidateProfiles()
    {
        foreach (Profile profile in profiles)
--- a/Oqtane.Client/Resources/Modules/Admin/UserProfile/Index.resx
+++ b/Oqtane.Client/Resources/Modules/Admin/UserProfile/Index.resx
@ -243,4 +243,7 @@
  <data name="NoNotificationsSent.Text" xml:space="preserve">
    <value>No notifications have been sent</value>
  </data>
+  <data name="Logout Everywhere" xml:space="preserve">
+    <value>Logout Everywhere</value>
+  </data>
 </root>
--- a/Oqtane.Client/Services/Interfaces/IUserService.cs
+++ b/Oqtane.Client/Services/Interfaces/IUserService.cs
@ -75,6 +75,13 @@ namespace Oqtane.Services
        /// <returns></returns>
        Task LogoutUserAsync(User user);

+        /// <summary>
+        /// Logout a <see cref="User"/>
+        /// </summary>
+        /// <param name="user"></param>
+        /// <returns></returns>
+        Task LogoutUserEverywhereAsync(User user);
+
        /// <summary>
        /// Update e-mail verification status of a user.
        /// </summary>
--- a/Oqtane.Client/Services/UserService.cs
+++ b/Oqtane.Client/Services/UserService.cs
@ -61,10 +61,14 @@ namespace Oqtane.Services

        public async Task LogoutUserAsync(User user)
        {
-            // best practices recommend post is preferrable to get for logout
            await PostJsonAsync($"{Apiurl}/logout", user);
        }

+        public async Task LogoutUserEverywhereAsync(User user)
+        {
+            await PostJsonAsync($"{Apiurl}/logouteverywhere", user);
+        }
+
        public async Task<User> VerifyEmailAsync(User user, string token)
        {
            return await PostJsonAsync<User>($"{Apiurl}/verify?token={token}", user);
--- a/Oqtane.Client/UI/Routes.razor
+++ b/Oqtane.Client/UI/Routes.razor
@ -61,7 +61,6 @@
    {
        SiteState.AntiForgeryToken = AntiForgeryToken;
        SiteState.AuthorizationToken = AuthorizationToken;
-        SiteState.RemoteIPAddress = (_pageState != null) ? _pageState.RemoteIPAddress : "";
        SiteState.Platform = Platform;
        SiteState.IsPrerendering = (HttpContext != null) ? true : false;

@ -80,6 +79,7 @@
            {
                _pageState = PageState;
                SiteState.Alias = PageState.Alias;
+                SiteState.RemoteIPAddress = (PageState != null) ? PageState.RemoteIPAddress : "";
                _installed = true;
            }
        }