mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-28 14:03:48 +03:00
75bb53f065
fixes https://github.com/TryGhost/Product/issues/3738
https://www.notion.so/ghost/Member-Session-Invalidation-13254316f2244c34bcbc65c101eb5cc4

- Adds the transient_id column to the members table. This defaults to email, to keep it backwards compatible (not logging out all existing sessions)
- Instead of using the email in the cookies, we now use the transient_id
- Updating the transient_id means invalidating all sessions of a member
- Adds an endpoint to the admin api to log out a member from all devices
- Added the `all` body property to the DELETE session endpoint in the members API. Setting it to true will sign a member out from all devices.
- Adds a UI button in Admin to sign a member out from all devices
- Portal 'sign out of all devices' will not be added for now

Related changes (added because these areas were affected by the code changes):
- Adds a serializer to member events / activity feed endpoints - all member fields were returned here, so the transient_id would also be returned - which is not needed and bloats the API response size (`transient_id` is not a secret because the cookies are signed)
- Removed `loadMemberSession` from public settings browse (not used anymore + bad pattern)

Performance tests on site with 50.000 members (on Macbook M1 Pro):
- Migrate: 6s (adding column 4s, setting to email is 1s, dropping nullable: 1s)
- Rollback: 2s

- action.js
- api-key.js
- base.js
- collection.js
- custom-theme-setting-list.js
- custom-theme-setting.js
- email.js
- integration.js
- invite.js
- label.js
- member-subscription.js
- member-tier.js
- member.js
- mention.js
- navigation-item.js
- newsletter.js
- notification.js
- offer.js
- page.js
- post-revision.js
- post.js
- role.js
- setting.js
- snippet.js
- tag.js
- theme.js
- tier-benefit-item.js
- tier.js
- user.js
- webhook.js