feat(web,server): logout all devices (#2415)

* feat: logout all devices * chore: regenerate openapi * chore: add test * chore: logout vs log out
2025-10-29 17:40:28 +00:00 · 2023-05-09 15:34:17 -04:00
parent c956eee919
commit a808b9403e
11 changed files with 241 additions and 4 deletions
--- a/server/apps/immich/src/controllers/auth.controller.ts
+++ b/server/apps/immich/src/controllers/auth.controller.ts
@@ -52,6 +52,12 @@ export class AuthController {
    return this.service.getDevices(authUser);
  }

+  @Authenticated()
+  @Delete('devices')
+  logoutAuthDevices(@GetAuthUser() authUser: AuthUserDto): Promise<void> {
+    return this.service.logoutDevices(authUser);
+  }
+
  @Authenticated()
  @Delete('devices/:id')
  logoutAuthDevice(@GetAuthUser() authUser: AuthUserDto, @Param() { id }: UUIDParamDto): Promise<void> {
--- a/server/immich-openapi-specs.json
+++ b/server/immich-openapi-specs.json
@@ -393,6 +393,29 @@
            "api_key": []
          }
        ]
+      },
+      "delete": {
+        "operationId": "logoutAuthDevices",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "description": ""
+          }
+        },
+        "tags": [
+          "Authentication"
+        ],
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ]
      }
    },
    "/auth/devices/{id}": {
--- a/server/libs/domain/src/auth/auth.service.spec.ts
+++ b/server/libs/domain/src/auth/auth.service.spec.ts
@@ -357,6 +357,18 @@ describe('AuthService', () => {
    });
  });

+  describe('logoutDevices', () => {
+    it('should logout all devices', async () => {
+      userTokenMock.getAll.mockResolvedValue([userTokenEntityStub.inactiveToken, userTokenEntityStub.userToken]);
+
+      await sut.logoutDevices(authStub.user1);
+
+      expect(userTokenMock.getAll).toHaveBeenCalledWith(authStub.user1.id);
+      expect(userTokenMock.delete).toHaveBeenCalledWith(authStub.user1.id, 'not_active');
+      expect(userTokenMock.delete).not.toHaveBeenCalledWith(authStub.user1.id, 'token-id');
+    });
+  });
+
  describe('logoutDevice', () => {
    it('should logout the device', async () => {
      await sut.logoutDevice(authStub.user1, 'token-1');
--- a/server/libs/domain/src/auth/auth.service.ts
+++ b/server/libs/domain/src/auth/auth.service.ts
@@ -163,6 +163,16 @@ export class AuthService {
    await this.userTokenCore.delete(authUser.id, deviceId);
  }

+  async logoutDevices(authUser: AuthUserDto): Promise<void> {
+    const devices = await this.userTokenCore.getAll(authUser.id);
+    for (const device of devices) {
+      if (device.id === authUser.accessTokenId) {
+        continue;
+      }
+      await this.userTokenCore.delete(authUser.id, device.id);
+    }
+  }
+
  private getBearerToken(headers: IncomingHttpHeaders): string | null {
    const [type, token] = (headers.authorization || '').split(' ');
    if (type.toLowerCase() === 'bearer') {