/
TerminateAllOtherSessionsController.php
45 lines (37 loc) · 1.26 KB
/
TerminateAllOtherSessionsController.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Api\Controller;
use Flarum\Http\RememberAccessToken;
use Flarum\Http\RequestUtil;
use Flarum\Http\SessionAccessToken;
use Illuminate\Database\Eloquent\Builder;
use Laminas\Diactoros\Response\EmptyResponse;
use Psr\Http\Message\ServerRequestInterface;
class TerminateAllOtherSessionsController extends AbstractDeleteController
{
/**
* {@inheritdoc}
*/
protected function delete(ServerRequestInterface $request)
{
$actor = RequestUtil::getActor($request);
$actor->assertRegistered();
$session = $request->getAttribute('session');
$sessionAccessToken = $session ? $session->get('access_token') : null;
// Delete all session access tokens except for this one.
$actor
->accessTokens()
->where('token', '!=', $sessionAccessToken)
->where(function (Builder $query) {
$query
->where('type', SessionAccessToken::$type)
->orWhere('type', RememberAccessToken::$type);
})->delete();
return new EmptyResponse(204);
}
}