fix: remove sessions of suspended users

Fixes: #394 Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
2025-02-03 10:43:03 +01:00 · 2022-09-23 13:31:50 +01:00 · 2022-09-23 13:31:50 +01:00 · 0dddaeeb98
commit 0dddaeeb98
parent 30e72d2db5
3 changed files with 80 additions and 8 deletions
--- a/aurweb/routers/accounts.py
+++ b/aurweb/routers/accounts.py
@ -412,6 +412,7 @@ async def account_edit_post(
    TZ: str = Form(aurweb.config.get("options", "default_timezone")),
    P: str = Form(default=str()),  # New Password
    C: str = Form(default=None),  # Password Confirm
+    S: bool = Form(default=False),  # Suspended
    PK: str = Form(default=None),  # PubKey
    CN: bool = Form(default=False),  # Comment Notify
    UN: bool = Form(default=False),  # Update Notify
@ -455,6 +456,7 @@ async def account_edit_post(
        update.ssh_pubkey,
        update.account_type,
        update.password,
+        update.suspend,
    ]

    # These update functions are all guarded by retry_deadlock;
--- a/aurweb/users/update.py
+++ b/aurweb/users/update.py
@ -134,3 +134,19 @@ def password(
            # If the target user is the request user, login with
            # the updated password to update the Session record.
            user.login(request, P, cookies.timeout(remember_me))
+
+
+@db.retry_deadlock
+def suspend(
+    S: bool = False,
+    request: Request = None,
+    user: models.User = None,
+    context: dict[str, Any] = {},
+    **kwargs,
+) -> None:
+    if S and user.session:
+        context["S"] = None
+        with db.begin():
+            db.delete_all(
+                db.query(models.Session).filter(models.Session.UsersID == user.ID)
+            )