feat(auth): SA4 — server-side session revocation via per-user session epoch
Signed client-side session cookies had no server-side kill switch: logout + password reset couldn't evict a stolen/copied cookie (valid until expiry). Add User.session_epoch (migration 0053), record it in the cookie at every login, and reject in current_user any cookie whose recorded epoch is behind the account's current one. - Bump the epoch on: password reset (kills ALL sessions — a reset is a compromise response), password change + a new 'Log out other sessions' action (both re-stamp the CURRENT cookie so the caller stays signed in, evicting only the others). - Per-account epoch map in the session so one account's revocation doesn't evict the other signed-in accounts in the same browser wallet. - Missing epoch (pre-SA4 cookie) is treated as 0, so the first bump revokes grandfathered sessions too. - New POST /auth/logout-others + a Settings → Account 'Active sessions' button (trilingual).
This commit is contained in:
parent
a65915ea11
commit
95d1549570
8 changed files with 155 additions and 1 deletions
27
backend/alembic/versions/0053_user_session_epoch.py
Normal file
27
backend/alembic/versions/0053_user_session_epoch.py
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
"""User.session_epoch for server-side session revocation (SA4)
|
||||
|
||||
A monotonic per-user counter. A signed session cookie records the epoch it was minted under;
|
||||
current_user rejects any cookie whose epoch is stale. Bumped on password reset, password change,
|
||||
or "log out everywhere" — so a stolen/copied client-side cookie dies on those events instead of
|
||||
staying valid until it expires. Existing rows default to 0 (matching a fresh cookie's absent/0 epoch).
|
||||
"""
|
||||
from typing import Sequence, Union
|
||||
|
||||
import sqlalchemy as sa
|
||||
from alembic import op
|
||||
|
||||
revision: str = "0053_user_session_epoch"
|
||||
down_revision: Union[str, None] = "0052_plex_show_meta"
|
||||
branch_labels: Union[str, Sequence[str], None] = None
|
||||
depends_on: Union[str, Sequence[str], None] = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
op.add_column(
|
||||
"users",
|
||||
sa.Column("session_epoch", sa.Integer(), nullable=False, server_default="0"),
|
||||
)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
op.drop_column("users", "session_epoch")
|
||||
Loading…
Add table
Add a link
Reference in a new issue