Marking user disabled logs them out

Author: CarsonF

src/core/authentication/authentication.gel.repository.ts

@@ -280,4 +280,18 @@ export class AuthenticationGelRepository
         set: { user: null },
       })),
   );
+
+  async deactivateAllSessions(user: ID<'User'>) {
+    await this.db.run(this.deactivateAllSessionsQuery, { user });
+  }
+  private readonly deactivateAllSessionsQuery = e.params(
+    { user: e.uuid },
+    ($) => {
+      const user = e.cast(e.User, $.user);
+      return e.update(e.Auth.Session, (s) => ({
+        filter: e.op(s.user, '=', user),
+        set: { user: null },
+      }));
+    },
+  );
 }

src/core/authentication/authentication.module.ts

@@ -6,6 +6,7 @@ import { AuthenticationGelRepository } from './authentication.gel.repository';
 import { AuthenticationRepository } from './authentication.repository';
 import { AuthenticationService } from './authentication.service';
 import { CryptoService } from './crypto.service';
+import { DisablingUserLogsThemOutHandler } from './handlers/disabling-user-logs-them-out.handler';
 import { Identity } from './identity.service';
 import { JwtService } from './jwt.service';
 import { LoginResolver } from './resolvers/login.resolver';
@@ -38,6 +39,8 @@ import { SessionManager } from './session/session.manager';
     splitDb(AuthenticationRepository, AuthenticationGelRepository),
     JwtService,
     CryptoService,
+
+    DisablingUserLogsThemOutHandler,
   ],
   exports: [Identity],
 })

src/core/authentication/authentication.repository.ts

@@ -360,6 +360,18 @@ export class AuthenticationRepository {
       .run();
   }
 
+  async deactivateAllSessions(user: ID<'User'>) {
+    await this.db
+      .query()
+      .match([
+        node('user', 'User', { id: user }),
+        relation('out', 'oldRel', 'token', ACTIVE),
+        node('token', 'Token'),
+      ])
+      .setValues({ 'oldRel.active': false })
+      .run();
+  }
+
   @OnIndex()
   private createIndexes() {
     return [

src/core/authentication/authentication.service.ts

@@ -102,6 +102,10 @@ export class AuthenticationService {
     refresh && (await this.sessionManager.refreshCurrentSession());
   }
 
+  async logoutByUser(user: ID<'User'>) {
+    await this.repo.deactivateAllSessions(user);
+  }
+
   async changePassword(
     oldPassword: string,
     newPassword: string,

src/core/authentication/handlers/disabling-user-logs-them-out.handler.ts

@@ -0,0 +1,13 @@
+import { EventsHandler } from '~/core';
+import { UserUpdatedEvent } from '../../../components/user/events/user-updated.event';
+import { AuthenticationService } from '../authentication.service';
+
+@EventsHandler(UserUpdatedEvent)
+export class DisablingUserLogsThemOutHandler {
+  constructor(private readonly auth: AuthenticationService) {}
+  async handle({ input, updated: user }: UserUpdatedEvent) {
+    if (input.status === 'Disabled') {
+      await this.auth.logoutByUser(user.id);
+    }
+  }
+}