From ec4739b452bc6e9e9686f2fa3bc39453bd9bc51f Mon Sep 17 00:00:00 2001
From: Bryce Boe
Date: Sat, 7 Jan 2012 17:12:46 -0800
Subject: [PATCH] Feature: Log out of other sessions
Currently the only way to log out of all sessions is to change your password. Of course you can change your password to itself, however, this pull request makes it a bit more explicit. Underneath the covers it forces a change in the password salt by simply changing the password to itself.
---
 r2/r2/controllers/api.py | 19 +++++++++++++++++++
 r2/r2/templates/useriphistory.html | 21 ++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 808aeda32..c65ca6663 100644
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -590,6 +590,25 @@ class ApiController(RedditController):
 c.user.add_friend_note(friend, note)
 form.set_html('.status', _("saved"))
+ @validatedForm(VUser('curpass', default=''),
+ VModhash(),
+ password = VPassword(['curpass', 'curpass']),
+ dest = VDestination())
+ def POST_clear_sessions(self, form, jquery, password, dest):
+ """Clear all session cookies and update the current one."""
+ # password is required to proceed
+ if form.has_errors("curpass", errors.WRONG_PASSWORD):
+ return
+
+ form.set_html('.status',
+ _('all other sessions have been logged out'))
+ form.set_inputs(curpass = "")
+ # run the change password command to get a new salt
+ change_password(c.user, password)
+ # the password salt has changed, so the user's cookie has been
+ # invalidated. drop a new cookie.
+ self.login(c.user)
+
 @validatedForm(VUser('curpass', default = ''),
 VModhash(),
 email = ValidEmails("email", num = 1),
diff --git a/r2/r2/templates/useriphistory.html b/r2/r2/templates/useriphistory.html
index 5fed1c4ed..2d84ac27f 100644
--- a/r2/r2/templates/useriphistory.html
+++ b/r2/r2/templates/useriphistory.html
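Review bot: `POST_clear_sessions` guards only on `form.has_errors("curpass", errors.WRONG_PASSWORD)`, so a rejection from the `VPassword(['curpass', 'curpass'])` validator is never checked before `change_password(c.user, password)` runs. VPassword's rules are not visible in this hunk, but if it rejects the value, `password` may be empty or None at that call. Add `if not password: return` before `change_password` (or include the validator's error codes in the `has_errors` call), and give the template a matching error field next to `error_field("WRONG_PASSWORD", "curpass")` so the user sees why nothing happened. `form.set_html('.status', ...)` reports success before `change_password` and `self.login(c.user)` have run and should move after them, and `dest = VDestination()` is accepted but never used. No rate limit is visible on this handler even though it verifies `curpass` for any holder of a live session, so it is worth confirming that one applies; the enclosing class continues outside the hunk.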
@@ -20,7 +20,9 @@
 ## CondeNet, Inc. All Rights Reserved.
 ################################################################################
-<%namespace file="utils.html" import="timestamp"/>
+<%namespace file="utils.html" import="error_field, timestamp"/>
+<%namespace name="utils" file="utils.html"/>
+
 <%
 from r2.lib.strings import strings
 ip_format = {'address': request.ip}
@@ -53,3 +55,20 @@
+
+ +

${_("Log out of all other sessions")}

+ +
+ +
+ <%utils:round_field title="${_('current password')}" description="${_('(required)')}"> + + ${error_field("WRONG_PASSWORD", "curpass")} + +
+ + + +