feat(web,server): logout all devices (#2415)

* feat: logout all devices

* chore: regenerate openapi

* chore: add test

* chore: logout vs log out

server/apps/immich/src/controllers/auth.controller.ts

@@ -52,6 +52,12 @@ export class AuthController {
     return this.service.getDevices(authUser);
   }
 
+  @Authenticated()
+  @Delete('devices')
+  logoutAuthDevices(@GetAuthUser() authUser: AuthUserDto): Promise<void> {
+    return this.service.logoutDevices(authUser);
+  }
+
   @Authenticated()
   @Delete('devices/:id')
   logoutAuthDevice(@GetAuthUser() authUser: AuthUserDto, @Param() { id }: UUIDParamDto): Promise<void> {

server/immich-openapi-specs.json

@@ -393,6 +393,29 @@
             "api_key": []
           }
         ]
+      },
+      "delete": {
+        "operationId": "logoutAuthDevices",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "description": ""
+          }
+        },
+        "tags": [
+          "Authentication"
+        ],
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ]
       }
     },
     "/auth/devices/{id}": {

server/libs/domain/src/auth/auth.service.spec.ts

@@ -357,6 +357,18 @@ describe('AuthService', () => {
     });
   });
 
+  describe('logoutDevices', () => {
+    it('should logout all devices', async () => {
+      userTokenMock.getAll.mockResolvedValue([userTokenEntityStub.inactiveToken, userTokenEntityStub.userToken]);
+
+      await sut.logoutDevices(authStub.user1);
+
+      expect(userTokenMock.getAll).toHaveBeenCalledWith(authStub.user1.id);
+      expect(userTokenMock.delete).toHaveBeenCalledWith(authStub.user1.id, 'not_active');
+      expect(userTokenMock.delete).not.toHaveBeenCalledWith(authStub.user1.id, 'token-id');
+    });
+  });
+
   describe('logoutDevice', () => {
     it('should logout the device', async () => {
       await sut.logoutDevice(authStub.user1, 'token-1');

server/libs/domain/src/auth/auth.service.ts

@@ -163,6 +163,16 @@ export class AuthService {
     await this.userTokenCore.delete(authUser.id, deviceId);
   }
 
+  async logoutDevices(authUser: AuthUserDto): Promise<void> {
+    const devices = await this.userTokenCore.getAll(authUser.id);
+    for (const device of devices) {
+      if (device.id === authUser.accessTokenId) {
+        continue;
+      }
+      await this.userTokenCore.delete(authUser.id, device.id);
+    }
+  }
+
   private getBearerToken(headers: IncomingHttpHeaders): string | null {
     const [type, token] = (headers.authorization || '').split(' ');
     if (type.toLowerCase() === 'bearer') {

web/src/api/open-api/api.ts

@@ -6299,6 +6299,44 @@ export const AuthenticationApiAxiosParamCreator = function (configuration?: Conf
 
 
     
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
+        /**
+         * 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        logoutAuthDevices: async (options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/auth/devices`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'DELETE', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication cookie required
+
+            // authentication api_key required
+            await setApiKeyToObject(localVarHeaderParameter, "x-api-key", configuration)
+
+            // authentication bearer required
+            // http bearer authentication required
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
+
+
+    
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
@@ -6414,6 +6452,15 @@ export const AuthenticationApiFp = function(configuration?: Configuration) {
             const localVarAxiosArgs = await localVarAxiosParamCreator.logoutAuthDevice(id, options);
             return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
         },
+        /**
+         * 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async logoutAuthDevices(options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.logoutAuthDevices(options);
+            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
+        },
         /**
          * 
          * @param {*} [options] Override http request option.
@@ -6485,6 +6532,14 @@ export const AuthenticationApiFactory = function (configuration?: Configuration,
         logoutAuthDevice(id: string, options?: any): AxiosPromise<void> {
             return localVarFp.logoutAuthDevice(id, options).then((request) => request(axios, basePath));
         },
+        /**
+         * 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        logoutAuthDevices(options?: any): AxiosPromise<void> {
+            return localVarFp.logoutAuthDevices(options).then((request) => request(axios, basePath));
+        },
         /**
          * 
          * @param {*} [options] Override http request option.
@@ -6567,6 +6622,16 @@ export class AuthenticationApi extends BaseAPI {
         return AuthenticationApiFp(this.configuration).logoutAuthDevice(id, options).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof AuthenticationApi
+     */
+    public logoutAuthDevices(options?: AxiosRequestConfig) {
+        return AuthenticationApiFp(this.configuration).logoutAuthDevices(options).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * 
      * @param {*} [options] Override http request option.

web/src/lib/components/user-settings-page/device-list.svelte

@@ -2,6 +2,7 @@
 	import { api, AuthDeviceResponseDto } from '@api';
 	import { onMount } from 'svelte';
 	import { handleError } from '../../utils/handle-error';
+	import Button from '../elements/buttons/button.svelte';
 	import ConfirmDialogue from '../shared-components/confirm-dialogue.svelte';
 	import {
 		notificationController,
@@ -11,6 +12,7 @@
 
 	let devices: AuthDeviceResponseDto[] = [];
 	let deleteDevice: AuthDeviceResponseDto | null = null;
+	let deleteAll = false;
 
 	const refresh = () => api.authenticationApi.getAuthDevices().then(({ data }) => (devices = data));
 
@@ -36,6 +38,21 @@
 			deleteDevice = null;
 		}
 	};
+
+	const handleDeleteAll = async () => {
+		try {
+			await api.authenticationApi.logoutAuthDevices();
+			notificationController.show({
+				message: `Logged out all devices`,
+				type: NotificationType.Info
+			});
+		} catch (error) {
+			handleError(error, 'Unable to log out all devices');
+		} finally {
+			await refresh();
+			deleteAll = false;
+		}
+	};
 </script>
 
 {#if deleteDevice}
@@ -46,6 +63,14 @@
 	/>
 {/if}
 
+{#if deleteAll}
+	<ConfirmDialogue
+		prompt="Are you sure you want to log out all devices?"
+		on:confirm={() => handleDeleteAll()}
+		on:cancel={() => (deleteAll = false)}
+	/>
+{/if}
+
 <section class="my-4">
 	{#if currentDevice}
 		<div class="mb-6">
@@ -56,7 +81,7 @@
 		</div>
 	{/if}
 	{#if otherDevices.length > 0}
-		<div>
+		<div class="mb-6">
 			<h3 class="font-medium text-xs mb-2 text-immich-primary dark:text-immich-dark-primary">
 				OTHER DEVICES
 			</h3>
@@ -67,5 +92,11 @@
 				{/if}
 			{/each}
 		</div>
+		<h3 class="font-medium text-xs mb-2 text-immich-primary dark:text-immich-dark-primary">
+			LOG OUT ALL DEVICES
+		</h3>
+		<div class="flex justify-end">
+			<Button color="red" size="sm" on:click={() => (deleteAll = true)}>Log Out All Devices</Button>
+		</div>
 	{/if}
 </section>