75bb53f065
fixes https://github.com/TryGhost/Product/issues/3738
https://www.notion.so/ghost/Member-Session-Invalidation-13254316f2244c34bcbc65c101eb5cc4

- Adds the transient_id column to the members table. This defaults to email, to keep it backwards compatible (not logging out all existing sessions)
- Instead of using the email in the cookies, we now use the transient_id
- Updating the transient_id means invalidating all sessions of a member
- Adds an endpoint to the admin api to log out a member from all devices
- Added the `all` body property to the DELETE session endpoint in the members API. Setting it to true will sign a member out from all devices.
- Adds a UI button in Admin to sign a member out from all devices
- Portal 'sign out of all devices' will not be added for now

Related changes (added because these areas were affected by the code changes):
- Adds a serializer to member events / activity feed endpoints - all member fields were returned here, so the transient_id would also be returned - which is not needed and bloats the API response size (`transient_id` is not a secret because the cookies are signed)
- Removed `loadMemberSession` from public settings browse (not used anymore + bad pattern)

Performance tests on site with 50.000 members (on MacBook M1 Pro):
- Migrate: 6s (adding column 4s, setting to email is 1s, dropping nullable: 1s)
- Rollback: 2s
||
---|---|---|
BenefitsImporter.js | ||
EmailBatchesImporter.js | ||
EmailRecipientsImporter.js | ||
EmailsImporter.js | ||
index.js | ||
LabelsImporter.js | ||
MembersClickEventsImporter.js | ||
MembersCreatedEventsImporter.js | ||
MembersFeedbackImporter.js | ||
MembersImporter.js | ||
MembersLabelsImporter.js | ||
MembersLoginEventsImporter.js | ||
MembersNewslettersImporter.js | ||
MembersPaidSubscriptionEventsImporter.js | ||
MembersProductsImporter.js | ||
MembersStatusEventsImporter.js | ||
MembersStripeCustomersImporter.js | ||
MembersStripeCustomersSubscriptionsImporter.js | ||
MembersSubscribeEventsImporter.js | ||
MembersSubscriptionCreatedEventsImporter.js | ||
NewslettersImporter.js | ||
OffersImporter.js | ||
PostsAuthorsImporter.js | ||
PostsImporter.js | ||
PostsProductsImporter.js | ||
PostsTagsImporter.js | ||
ProductsBenefitsImporter.js | ||
ProductsImporter.js | ||
RedirectsImporter.js | ||
RolesUsersImporter.js | ||
StripePricesImporter.js | ||
StripeProductsImporter.js | ||
SubscriptionsImporter.js | ||
TableImporter.js | ||
TagsImporter.js | ||
UsersImporter.js | ||
WebMentionsImporter.js |