feat: AccountSecuritySettingsPage + active-users list + toast + login banner
Eighth commit in the session-expiration-policy series. Surfaces all
the owner controls and user-facing expiry UX that the prior commits
plumbed through, designed end-to-end via /plan-design-review (initial
4/10 -> final 9/10; 7 decisions locked in the plan).
Backend additions:
- accounts/me/security GET response gains active_users: list of
{user_id, name, email, last_login_at} for users in this account
with at least one un-revoked refresh token. Joined query on
refresh_tokens + users, distinct, ordered by last_login desc.
Drives the Active Sessions section.
Frontend additions:
- api/accountSecurity.ts: typed client for GET/PATCH/revoke-sessions.
- hooks/useAuthSessionExpiry.ts: reads idle/absolute expiry from the
auth store, returns warning ('none'|'soon'|'now') + reason
('idle'|'absolute') so consumers can pick the right UX for the
closer window. Re-evaluates every 30s.
- components/common/SessionExpiryToast.tsx: top-of-app notice that
fires at T-5min. Idle case: warning-amber tone, [Stay signed in]
button hits authApi.refresh() and updates the store on success.
Absolute case: info-cyan tone, [Sign in now] link to /login (no
recoverable action). Dismissable, doesn't re-fire after dismissal.
- components/account/RevokeSessionsModal.tsx: confirmation modal for
the two bulk-revoke scopes. Title, body, and confirm-label vary by
scope; danger-styled confirm button.
- pages/account/AccountSecuritySettingsPage.tsx: the main page.
Header (Shield icon), intro, Policy card with Strict/Standard/Custom
radios + always-visible-disabled Custom inputs (idle/absolute
minutes) with inline validation, Save button + emerald success ping,
info note about 'applies at next login'. Active sessions card with
count-aware copy, list of {name, email, last-login-ago} rows
(caller tagged '(you)'), two buttons — 'except me' hidden when
count=1, 'sign me out and everyone else' uses danger-tinted styling.
- pages/AccountSettingsPage.tsx: 'Session security' row added to the
owner-only settings list.
- router.tsx: /account/security route, owner-gated via ProtectedRoute.
- pages/LoginPage.tsx: cyan info-tone banner above form when
?reason=session_expired is in the URL.
- components/layout/AppLayout.tsx: mounts <SessionExpiryToast />.
Scope=all bulk-revoke UX (the most jarring moment): on success,
toast.success(N sessions), 1.5s delay, then clear localStorage +
useAuthStore.logout() + window.location='/login' (no banner — the
owner just did this).
Backend tests: existing 22/22 still green plus the GET test now
asserts active_users is present + non-empty after login. Frontend:
tsc clean, authStore test 2/2.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -23,6 +23,7 @@ from app.models.account import Account
|
||||
from app.models.refresh_token import RefreshToken
|
||||
from app.models.user import User
|
||||
from app.schemas.account_security import (
|
||||
ActiveUser,
|
||||
RevokeSessionsRequest,
|
||||
RevokeSessionsResponse,
|
||||
SessionPolicyResponse,
|
||||
@@ -32,7 +33,9 @@ from app.schemas.account_security import (
|
||||
router = APIRouter(prefix="/accounts/me/security", tags=["account-security"])
|
||||
|
||||
|
||||
def _policy_response(account: Account) -> SessionPolicyResponse:
|
||||
def _policy_response(
|
||||
account: Account, active_users: list[ActiveUser]
|
||||
) -> SessionPolicyResponse:
|
||||
eff_idle, eff_abs = resolve_session_policy(account)
|
||||
return SessionPolicyResponse(
|
||||
idle_minutes=account.session_idle_minutes,
|
||||
@@ -43,6 +46,7 @@ def _policy_response(account: Account) -> SessionPolicyResponse:
|
||||
idle_minutes_max=settings.SESSION_IDLE_MINUTES_MAX,
|
||||
absolute_minutes_min=settings.SESSION_ABSOLUTE_MINUTES_MIN,
|
||||
absolute_minutes_max=settings.SESSION_ABSOLUTE_MINUTES_MAX,
|
||||
active_users=active_users,
|
||||
)
|
||||
|
||||
|
||||
@@ -52,13 +56,33 @@ async def _load_account(db: AsyncSession, account_id) -> Account:
|
||||
).scalar_one()
|
||||
|
||||
|
||||
async def _load_active_users(db: AsyncSession, account_id) -> list[ActiveUser]:
|
||||
"""Return distinct users in this account who currently hold an
|
||||
un-revoked refresh token. See plan §4.7."""
|
||||
from app.models.refresh_token import RefreshToken
|
||||
|
||||
stmt = (
|
||||
select(User.id, User.name, User.email, User.last_login)
|
||||
.join(RefreshToken, RefreshToken.user_id == User.id)
|
||||
.where(User.account_id == account_id, RefreshToken.revoked_at.is_(None))
|
||||
.distinct()
|
||||
.order_by(User.last_login.desc().nulls_last())
|
||||
)
|
||||
rows = (await db.execute(stmt)).all()
|
||||
return [
|
||||
ActiveUser(user_id=row.id, name=row.name, email=row.email, last_login_at=row.last_login)
|
||||
for row in rows
|
||||
]
|
||||
|
||||
|
||||
@router.get("", response_model=SessionPolicyResponse)
|
||||
async def get_session_policy(
|
||||
current_user: Annotated[User, Depends(require_account_owner)],
|
||||
db: Annotated[AsyncSession, Depends(get_admin_db)],
|
||||
):
|
||||
account = await _load_account(db, current_user.account_id)
|
||||
return _policy_response(account)
|
||||
active_users = await _load_active_users(db, current_user.account_id)
|
||||
return _policy_response(account, active_users)
|
||||
|
||||
|
||||
@router.patch("", response_model=SessionPolicyResponse)
|
||||
@@ -139,7 +163,8 @@ async def update_session_policy(
|
||||
)
|
||||
await db.commit()
|
||||
await db.refresh(account)
|
||||
return _policy_response(account)
|
||||
active_users = await _load_active_users(db, account.id)
|
||||
return _policy_response(account, active_users)
|
||||
|
||||
|
||||
@router.post("/revoke-sessions", response_model=RevokeSessionsResponse)
|
||||
|
||||
@@ -2,11 +2,28 @@
|
||||
|
||||
See docs/plans/2026-05-13-session-expiration-policy.md §4.7 and §4.11.
|
||||
"""
|
||||
from datetime import datetime
|
||||
from typing import Literal, Optional
|
||||
from uuid import UUID
|
||||
|
||||
from pydantic import BaseModel, Field
|
||||
|
||||
|
||||
class ActiveUser(BaseModel):
|
||||
"""One row in the active-users list on GET /accounts/me/security.
|
||||
|
||||
Rendered as 'name (email) · logged in 2d ago' on the Account Security
|
||||
page. `last_login_at` reflects the last successful sign-in, not the last
|
||||
refresh-token use — that requires the deferred refresh_tokens.last_used_at
|
||||
follow-up (see plan §9).
|
||||
"""
|
||||
|
||||
user_id: UUID
|
||||
name: str
|
||||
email: str
|
||||
last_login_at: Optional[datetime] = None
|
||||
|
||||
|
||||
class SessionPolicyResponse(BaseModel):
|
||||
"""GET /accounts/me/security — the policy in effect for this account.
|
||||
|
||||
@@ -32,6 +49,10 @@ class SessionPolicyResponse(BaseModel):
|
||||
absolute_minutes_min: int
|
||||
absolute_minutes_max: int
|
||||
|
||||
# Active sessions in this account — users with at least one un-revoked
|
||||
# refresh token. Drives the Active Sessions section in the UI.
|
||||
active_users: list[ActiveUser] = Field(default_factory=list)
|
||||
|
||||
|
||||
class SessionPolicyUpdateRequest(BaseModel):
|
||||
"""PATCH /accounts/me/security — set or clear the per-account override.
|
||||
|
||||
Reference in New Issue
Block a user