Merge pull request #2034 from appwrite/dat-522

Session Invalidation on password change

Author: abnegate

src/lib/actions/analytics.ts

@@ -265,6 +265,7 @@ export enum Submit {
     AuthSessionAlertsUpdate = 'submit_auth_session_alerts_update',
     AuthMembershipPrivacyUpdate = 'submit_auth_membership_privacy_update',
     AuthMockNumbersUpdate = 'submit_auth_mock_numbers_update',
+    AuthInvalidateSesssion = 'submit_auth_invalidate_session',
     SessionsLengthUpdate = 'submit_sessions_length_update',
     SessionsLimitUpdate = 'submit_sessions_limit_update',
     SessionDelete = 'submit_session_delete',

src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte

@@ -9,6 +9,7 @@
     import UpdateSessionsLimit from './updateSessionsLimit.svelte';
     import UpdateMembershipPrivacy from './updateMembershipPrivacy.svelte';
     import UpdateUsersLimit from './updateUsersLimit.svelte';
+    import UpdateSessionInvalidation from './updateSessionInvalidation.svelte';
 </script>
 
 <Container>
@@ -19,6 +20,7 @@
     <UpdatePasswordDictionary />
     <UpdatePersonalDataCheck />
     <UpdateSessionAlerts />
+    <UpdateSessionInvalidation />
     <UpdateMockNumbers />
     <UpdateMembershipPrivacy />
 </Container>

src/routes/(console)/project-[region]-[project]/auth/security/updateSessionInvalidation.svelte

@@ -0,0 +1,56 @@
+<script lang="ts">
+    import { invalidate } from '$app/navigation';
+    import { Submit, trackError, trackEvent } from '$lib/actions/analytics';
+    import { CardGrid } from '$lib/components';
+    import { Dependencies } from '$lib/constants';
+    import { Button, Form, InputSwitch } from '$lib/elements/forms';
+    import { addNotification } from '$lib/stores/notifications';
+    import { sdk } from '$lib/stores/sdk';
+    import { Typography } from '@appwrite.io/pink-svelte';
+    import { project } from '../../store';
+
+    let sessionInvalidation = $project?.authInvalidateSessions ?? false;
+
+    async function updateSessionInvalidation() {
+        try {
+            await sdk.forConsole.projects.updateSessionInvalidation(
+                $project.$id,
+                sessionInvalidation
+            );
+            await invalidate(Dependencies.PROJECT);
+            addNotification({
+                type: 'success',
+                message: 'Updated session invalidation check.'
+            });
+            trackEvent(Submit.AuthInvalidateSesssion);
+        } catch (error) {
+            addNotification({
+                type: 'error',
+                message: error.message
+            });
+            trackError(error, Submit.AuthInvalidateSesssion);
+        }
+    }
+</script>
+
+<Form onSubmit={updateSessionInvalidation}>
+    <CardGrid>
+        <svelte:fragment slot="title">Invalidate sessions</svelte:fragment>
+        <svelte:fragment slot="aside">
+            <InputSwitch
+                bind:value={sessionInvalidation}
+                id="invalidateSessions"
+                label="Invalidate sessions" />
+            <Typography.Text>
+                Enabling this option will clear all existing sessions when the user changes their
+                password.
+            </Typography.Text>
+        </svelte:fragment>
+
+        <svelte:fragment slot="actions">
+            <Button disabled={sessionInvalidation === $project?.authInvalidateSessions} submit>
+                Update
+            </Button>
+        </svelte:fragment>
+    </CardGrid>
+</Form>