Add feature to revoke sessions (#4259)

app/controllers/settings/sessions_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Settings::SessionsController < ApplicationController
+  before_action :set_session, only: :destroy
+
+  def destroy
+    @session.destroy!
+    flash[:notice] = I18n.t('sessions.revoke_success')
+    redirect_to edit_user_registration_path
+  end
+
+  private
+
+  def set_session
+    @session = current_user.session_activations.find(params[:id])
+  end
+end

app/views/auth/registrations/_sessions.html.haml

@@ -7,6 +7,7 @@
       %th= t 'sessions.browser'
       %th= t 'sessions.ip'
       %th= t 'sessions.activity'
+      %td
   %tbody
     - @sessions.each do |session|
       %tr
@@ -22,3 +23,6 @@
             = t 'sessions.current_session'
           - else
             %time.time-ago{ datetime: session.updated_at.iso8601, title: l(session.updated_at) }= l(session.updated_at)
+        %td
+          - if request.session['auth_id'] != session.session_id
+            = table_link_to 'times', t('sessions.revoke'), settings_session_path(session), method: :delete

config/locales/en.yml

@@ -397,6 +397,8 @@ en:
       windows: Windows
       windows_mobile: Windows Mobile
       windows_phone: Windows Phone
+    revoke: Revoke
+    revoke_success: Session successfully revoked
     title: Sessions
   settings:
     authorized_apps: Authorized apps

config/routes.rb

@@ -74,6 +74,8 @@ Rails.application.routes.draw do
 
     resource :follower_domains, only: [:show, :update]
     resource :delete, only: [:show, :destroy]
+
+    resources :sessions, only: [:destroy]
   end
 
   resources :media, only: [:show]