Complete Logout & Revoke Semantics & Added Tests

Author: mckaragoz

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Dialogs/AccountStatusDialog.razor

@@ -23,21 +23,6 @@
 </MudDialog>
 
 @code {
-
-    private MudForm? _form;
-
-    private string? _firstName;
-    private string? _lastName;
-    private string? _displayName;
-
-    private DateTime? _birthDate;
-    private string? _gender;
-    private string? _bio;
-
-    private string? _language;
-    private string? _timeZone;
-    private string? _culture;
-
     [CascadingParameter]
     private IMudDialogInstance MudDialog { get; set; } = default!;
 

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Dialogs/SessionDialog.razor

@@ -11,5 +11,6 @@ public enum UAuthStateEvent
     RolesChanged,
     PermissionsChanged,
     SessionRevoked,
-    UserDeleted
+    UserDeleted,
+    LogoutVariant
 }

src/CodeBeam.UltimateAuth.Client/AuthState/UAuthStateEvent.cs

@@ -80,7 +80,7 @@ private async Task HandleStateEvent(UAuthStateEventArgs args)
             return;
         }
 
-        if (args.Type == UAuthStateEvent.CredentialsChanged || args.Type == UAuthStateEvent.UserDeleted)
+        if (args.Type == UAuthStateEvent.CredentialsChanged || args.Type == UAuthStateEvent.UserDeleted || args.Type == UAuthStateEvent.LogoutVariant)
         {
             State.Clear();
             return;

src/CodeBeam.UltimateAuth.Client/AuthState/UAuthStateManager.cs

@@ -1,5 +1,7 @@
 using CodeBeam.UltimateAuth.Client.Contracts;
 using CodeBeam.UltimateAuth.Core.Contracts;
+using CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Users.Contracts;
 
 // TODO: Add ReauthAsync
 namespace CodeBeam.UltimateAuth.Client.Services;
@@ -14,4 +16,11 @@ public interface IFlowClient
 
     Task BeginPkceAsync(string? returnUrl = null);
     Task CompletePkceLoginAsync(PkceLoginRequest request);
+
+    Task<UAuthResult<RevokeResult>> LogoutDeviceSelfAsync(LogoutDeviceSelfRequest request);
+    Task<UAuthResult> LogoutOtherDevicesSelfAsync();
+    Task<UAuthResult> LogoutAllDevicesSelfAsync();
+    Task<UAuthResult<RevokeResult>> LogoutDeviceAdminAsync(UserKey userKey, SessionChainId chainId);
+    Task<UAuthResult> LogoutOtherDevicesAdminAsync(LogoutOtherDevicesAdminRequest request);
+    Task<UAuthResult> LogoutAllDevicesAdminAsync(UserKey userKey);
 }

src/CodeBeam.UltimateAuth.Client/Services/Abstractions/IFlowClient.cs

@@ -13,7 +13,7 @@ public interface ISessionClient
 
 
     Task<UAuthResult<PagedResult<SessionChainSummaryDto>>> GetUserChainsAsync(UserKey userKey);
-    Task<UAuthResult<SessionChainDetailDto>> GetUserChainAsync(UserKey userKey, SessionChainId chainId);
+    Task<UAuthResult<SessionChainDetailDto>> GetUserChainDetailAsync(UserKey userKey, SessionChainId chainId);
     Task<UAuthResult> RevokeUserSessionAsync(UserKey userKey, AuthSessionId sessionId);
     Task<UAuthResult> RevokeUserChainAsync(UserKey userKey, SessionChainId chainId);
     Task<UAuthResult> RevokeUserRootAsync(UserKey userKey);

src/CodeBeam.UltimateAuth.Client/Services/Abstractions/ISessionClient.cs

@@ -8,6 +8,7 @@
 using CodeBeam.UltimateAuth.Core.Contracts;
 using CodeBeam.UltimateAuth.Core.Domain;
 using CodeBeam.UltimateAuth.Core.Infrastructure;
+using CodeBeam.UltimateAuth.Users.Contracts;
 using Microsoft.AspNetCore.Components;
 using Microsoft.Extensions.Options;
 using System.Net;
@@ -234,6 +235,65 @@ public async Task CompletePkceLoginAsync(PkceLoginRequest request)
         await _post.NavigateAsync(url, payload);
     }
 
+    public async Task<UAuthResult<RevokeResult>> LogoutDeviceSelfAsync(LogoutDeviceSelfRequest request)
+    {
+        var raw = await _post.SendJsonAsync(Url($"/logout-device"), request);
+
+        if (raw.Ok)
+        {
+            var result = UAuthResultMapper.FromJson<RevokeResult>(raw);
+
+            if (result.Value?.CurrentChain == true)
+            {
+                await _events.PublishAsync(new UAuthStateEventArgsEmpty(UAuthStateEvent.LogoutVariant, _options.UAuthStateRefreshMode));
+            }
+
+            return result;
+        }
+
+        return UAuthResultMapper.FromJson<RevokeResult>(raw);
+    }
+
+    public async Task<UAuthResult<RevokeResult>> LogoutDeviceAdminAsync(UserKey userKey, SessionChainId chainId)
+    {
+        LogoutDeviceAdminRequest request = new() { UserKey = userKey, ChainId = chainId };
+        var raw = await _post.SendJsonAsync(Url($"/admin/users/logout-device/{userKey.Value}"), request);
+        return UAuthResultMapper.FromJson<RevokeResult>(raw);
+    }
+
+    public async Task<UAuthResult> LogoutOtherDevicesSelfAsync()
+    {
+        var raw = await _post.SendJsonAsync(Url("/logout-others"));
+        return UAuthResultMapper.From(raw);
+    }
+
+    public async Task<UAuthResult> LogoutOtherDevicesAdminAsync(LogoutOtherDevicesAdminRequest request)
+    {
+        var raw = await _post.SendJsonAsync(Url($"/admin/users/logout-others/{request.UserKey.Value}"), request);
+        return UAuthResultMapper.From(raw);
+    }
+
+    public async Task<UAuthResult> LogoutAllDevicesSelfAsync()
+    {
+        var raw = await _post.SendJsonAsync(Url("/logout-all"));
+        if (raw.Ok)
+        {
+            await _events.PublishAsync(new UAuthStateEventArgsEmpty(UAuthStateEvent.LogoutVariant, _options.UAuthStateRefreshMode));
+        }
+        return UAuthResultMapper.From(raw);
+    }
+
+    public async Task<UAuthResult> LogoutAllDevicesAdminAsync(UserKey userKey)
+    {
+        var raw = await _post.SendJsonAsync(Url($"/admin/users/logout-all/{userKey.Value}"));
+        if (raw.Ok)
+        {
+            await _events.PublishAsync(new UAuthStateEventArgsEmpty(UAuthStateEvent.LogoutVariant, _options.UAuthStateRefreshMode));
+        }
+        return UAuthResultMapper.From(raw);
+    }
+
+
     private Task NavigateToHubLoginAsync(string authorizationCode, string codeVerifier, string returnUrl)
     {
         var hubLoginUrl = Url(_options.Endpoints.HubLoginPath);
@@ -249,9 +309,6 @@ private Task NavigateToHubLoginAsync(string authorizationCode, string codeVerifi
         return _post.NavigateAsync(hubLoginUrl, data);
     }
 
-
-    // ---------------- PKCE CRYPTO ----------------
-
     private static string CreateVerifier()
     {
         var bytes = RandomNumberGenerator.GetBytes(32);

src/CodeBeam.UltimateAuth.Client/Services/UAuthFlowClient.cs

@@ -42,7 +42,7 @@ public async Task<UAuthResult<RevokeResult>> RevokeMyChainAsync(SessionChainId c
         var raw = await _request.SendJsonAsync(Url($"/session/me/chains/{chainId}/revoke"));
         var result = UAuthResultMapper.FromJson<RevokeResult>(raw);
 
-        if (result.Value?.CurrentSessionRevoked == true)
+        if (result.Value?.CurrentChain == true)
         {
             await _events.PublishAsync(new UAuthStateEventArgsEmpty(UAuthStateEvent.SessionRevoked, _options.UAuthStateRefreshMode));
         }
@@ -76,7 +76,7 @@ public async Task<UAuthResult<PagedResult<SessionChainSummaryDto>>> GetUserChain
         return UAuthResultMapper.FromJson<PagedResult<SessionChainSummaryDto>>(raw);
     }
 
-    public async Task<UAuthResult<SessionChainDetailDto>> GetUserChainAsync(UserKey userKey, SessionChainId chainId)
+    public async Task<UAuthResult<SessionChainDetailDto>> GetUserChainDetailAsync(UserKey userKey, SessionChainId chainId)
     {
         var raw = await _request.SendFormAsync(Url($"/admin/users/{userKey}/sessions/chains/{chainId}"));
         return UAuthResultMapper.FromJson<SessionChainDetailDto>(raw);

src/CodeBeam.UltimateAuth.Client/Services/UAuthSessionClient.cs

@@ -12,6 +12,9 @@ public interface ISessionStore
     Task SaveSessionAsync(UAuthSession session, long expectedVersion, CancellationToken ct = default);
     Task CreateSessionAsync(UAuthSession session, CancellationToken ct = default);
     Task<bool> RevokeSessionAsync(AuthSessionId sessionId, DateTimeOffset at, CancellationToken ct = default);
+    public Task RevokeOtherSessionsAsync(UserKey user, SessionChainId keepChain, DateTimeOffset at, CancellationToken ct = default);
+    public Task RevokeAllSessionsAsync(UserKey user, DateTimeOffset at, CancellationToken ct = default);
+    Task RemoveSessionAsync(AuthSessionId sessionId, CancellationToken ct = default);
 
     Task<UAuthSessionChain?> GetChainAsync(SessionChainId chainId, CancellationToken ct = default);
     Task SaveChainAsync(UAuthSessionChain chain, long expectedVersion, CancellationToken ct = default);
@@ -20,6 +23,7 @@ public interface ISessionStore
     Task RevokeOtherChainsAsync(TenantKey tenant, UserKey user, SessionChainId keepChain, DateTimeOffset at, CancellationToken ct = default);
     Task RevokeAllChainsAsync(TenantKey tenant, UserKey user, DateTimeOffset at, CancellationToken ct = default);
     Task RevokeChainCascadeAsync(SessionChainId chainId, DateTimeOffset at, CancellationToken ct = default);
+    Task LogoutChainAsync(SessionChainId chainId, DateTimeOffset at, CancellationToken ct = default);
 
     Task<UAuthSessionRoot?> GetRootByUserAsync(UserKey userKey, CancellationToken ct = default);
     Task<UAuthSessionRoot?> GetRootByIdAsync(SessionRootId rootId, CancellationToken ct = default);
@@ -30,7 +34,7 @@ public interface ISessionStore
 
     Task<SessionChainId?> GetChainIdBySessionAsync(AuthSessionId sessionId, CancellationToken ct = default);
     Task<IReadOnlyList<UAuthSessionChain>> GetChainsByUserAsync(UserKey userKey, bool includeHistoricalRoots = false, CancellationToken ct = default);
+    Task<UAuthSessionChain?> GetChainByDeviceAsync(TenantKey tenant, UserKey userKey, DeviceId deviceId, CancellationToken ct = default);
     Task<IReadOnlyList<UAuthSessionChain>> GetChainsByRootAsync(SessionRootId rootId, CancellationToken ct = default);
     Task<IReadOnlyList<UAuthSession>> GetSessionsByChainAsync(SessionChainId chainId, CancellationToken ct = default);
-    Task DeleteExpiredSessionsAsync(DateTimeOffset at, CancellationToken ct = default);
 }

src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStore.cs

@@ -17,7 +17,4 @@ public sealed record LoginRequest
     /// Server policy may still ignore this.
     /// </summary>
     public bool RequestTokens { get; init; } = true;
-
-    // Optional
-    public SessionChainId? ChainId { get; init; }
 }