How to programmatically log out lots of users


(eriko) #1

So I need to end a bunch of people login sessions at once on a quarterly basis. I notice that admin/users.rb log_out uses MessageBus.publish "/logout", @user.id, user_ids: [@user.id]. Can I use that inside a plugin to mass logout users? I have ‘log out strict’ set so it should hit all the sessions.


Reset all login tokens
(Mittineague) #10

Sorry if I’m missing the obvious, but wouldn’t putting the forum into “read only mode” be effectively the same as logging everyone off?


(Régis Hanol) #11

Nope. Read only mode will prevent login (for anon) and posting (for logged in users) but once disabled it will not force users to log back in.


(Felix Freiberger) #15

As an alternative, here is a bit of JavaScript for node.js that iterates over a list of user ids and logs them out using the API:

var logoutUsers = function (ids, domain, apiKey, delay) {
    var nextIndex = 0;
    var errors = 0;

    var callNextUrl = function () {
        if (nextIndex < ids.length) {
            var id = ids[nextIndex];
            nextIndex++;
            console.log("logging out " + id);
            var req = https.request({
                hostname: domain,
                port: 443,
                path: '/admin/users/' + id + '/log_out?api_key=' + apiKey + '&api_username=system',
                method: 'POST'
            }, function (res) {
                console.log("response: " + res.statusCode);
                res.resume();
                setTimeout(callNextUrl, delay);
            }).on('error', function (e) {
                console.log("Got error: " + e.message);
                errors++;
            });
            req.end();
        } else {
            console.log("Done!");
            console.log("Errors: " + errors);
        }
    };

    callNextUrl();
};

How do I get a list of all users from the API?
Re-purposing a Discourse installation for a yearly event
(Sam Saffron) #18

Current best practice is:

./launcher enter app
rails c
UserAuthToken.delete_all

Also … for extra safety you could also delete all user api keys used for the app with

UserApiKey.delete_all

(system) #19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.