Make it possible to list and invalidate active sessions

calsocial/account.py

@@ -17,7 +17,7 @@
 """Main module for the Calendar.social app
 """
 
-from flask import Blueprint, abort, current_app, redirect, render_template, url_for
+from flask import Blueprint, abort, current_app, flash, redirect, render_template, session, url_for
 from flask_security import current_user, login_required
 
 from sqlalchemy.orm.exc import NoResultFound
@@ -197,3 +197,38 @@ class AccountBlueprint(Blueprint, RoutedMixin):
             db.session.commit()
 
         return redirect(url_for('account.follow_requests'))
+
+    @staticmethod
+    @RoutedMixin.route('/sessions')
+    @login_required
+    def active_sessions():
+        """View the list of active sessions
+        """
+
+        sessions = []
+
+        for sid in current_user.active_sessions:
+            session = current_app.session_interface.load_session(sid)
+            sessions.append(session)
+
+        return render_template('account/active-sessions.html', sessions=sessions)
+
+    @staticmethod
+    @RoutedMixin.route('/sessions/invalidate/<string:sid>')
+    @login_required
+    def invalidate_session(sid):
+        """View to invalidate a session
+        """
+
+        sess = current_app.session_interface.load_session(sid)
+
+        if not sess or sess.user != current_user:
+            abort(404)
+
+        if sess.sid == session.sid:
+            flash(_('Can’t invalidate your current session'))
+        else:
+            current_app.session_interface.delete_session(sid)
+            current_user.active_sessions = [sess_id for sess_id in current_user.active_sessions if sess_id != sid]
+
+        return redirect(url_for('account.active_sessions'))