Commit Graph

5 Commits

Author SHA1 Message Date
Adrian Gruntkowski
714c036757
Implement listing user sessions in user settings (#4588)
* Implement listing user sessions in user settings

* Make copy adjustments (h/t @metmarkosaric)

* Make warning button text color more consistent across user settings

* Add tests for `UserAuth.revoke_user_session/2`

* Test and improve `Auth.UserSessions`

* Test and improve controller actions

* Update CHANGELOG.md
2024-09-30 11:03:08 +00:00
Adrian Gruntkowski
f7bbbf8c33
Remove support for legacy user sessions (#4540)
* Remove support for legacy user sessions

* Implement revoking all sessions for a given user

* Revoke all user sessions on password reset

* Add tests for revoking all user sessions on password reset

* Reload page when dashboard API request fails with 404

* Revert "Reload page when dashboard API request fails with 404"

This reverts commit 77d1a1035658915f9afe538afc5fb9a3da0ec905.
2024-09-17 07:31:41 +00:00
hq1
53d94b5b1b
Remove custom background from "Choose Plan" page (#4516)
* Remove custom background on "Choose Plan" page

* Avoid `UserAuth` test failing due to bad timing

---------

Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
2024-09-03 13:17:26 +02:00
Adrian Gruntkowski
373d4dd665
Implement token-based sessions (#4463)
* Turn `Plausible.Auth.UserSession` into full schema

* Implement token based sessions and use them as default

* Ignore expired user sessions during retrieval from DB

* Implement plug bumping user session last used and timeout timestamps

* Implement Oban worker removing expired user sessions with grace period

* Implement legacy session conversion on touch, when applicable

* Update `UserAuth` moduledoc

* Extend `UserAuth` tests to account for db-backed session tokens

* Update CHANGELOG

* Add tests for `UserSessionTouch` plug

* Add test for `CleanUserSessions` worker

* Add logging of legacy session retrievals

* Use single update permitting stale records  when touching user session

* Don't fetch session and user for external API endpoints (/api/event too)

* Refactor `Users.with_subscription/1` and expose helper query

* Skip fetching session in legacy `SessionTimeoutPlug`

* Rely on user session assign from `AuthContext` in `SentryContext`

* Silence legacy session warnings in `UserSessionTouchTest`

* Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug`

* Change `UserAuth` to get session, user and last subscription in one go

* Avoid refetching user session in `AuthorizeSiteAccess` plug

* Fix code formatting

* Refactor `UserAuth.get_user_token/1` (h/t @aerosol)

* Remove bogus empty opts from `scope` declarations in router

* Only touch session once an hour and keep `user.last_seen` in sync

* Bring back logging of legacy token use
2024-09-03 11:34:37 +02:00
Adrian Gruntkowski
bd93cf3b46
Refactor and consolidate user session logic (#4452)
* Extract session management from AuthController

* Don't explicitly pass `current_user_id` to `live_render`'s session

* Add ability to retrieve session and user from token via `UserAuth`

* Always fetch current user (or just id) via `UserAuth` API

* Introduce `UserSession` as an embedded schema for now

* Make `UserAuth.get_user/1` accept `UserSession` as an input

* Introduce LV auth context populating user data from session on mount

* Refactor `AuthPlug` and make it populate `current_user_session` as well

* Rely on authenticated user data provided by auth plug or LV context

* Make `Sites.get_for_user(!)` accept `User` struct as well

* Set `logged_in` cookie explicitly when it's out of sync with session

* Expand modules documentation a bit

* Improve and extend tests slightly
2024-08-23 10:53:33 +02:00