So I need to end a bunch of people login sessions at once on a quarterly basis. I notice that admin/users.rb log_out uses MessageBus.publish "/logout", @user.id, user_ids: [@user.id]. Can I use that inside a plugin to mass logout users? I have ‘log out strict’ set so it should hit all the sessions.
Sorry if I’m missing the obvious, but wouldn’t putting the forum into “read only mode” be effectively the same as logging everyone off?
Nope. Read only mode will prevent login (for anon) and posting (for logged in users) but once disabled it will not force users to log back in.
2 Likes
As an alternative, here is a bit of JavaScript for node.js that iterates over a list of user ids and logs them out using the API:
var logoutUsers = function (ids, domain, apiKey, delay) {
var nextIndex = 0;
var errors = 0;
var callNextUrl = function () {
if (nextIndex < ids.length) {
var id = ids[nextIndex];
nextIndex++;
console.log("logging out " + id);
var req = https.request({
hostname: domain,
port: 443,
path: '/admin/users/' + id + '/log_out?api_key=' + apiKey + '&api_username=system',
method: 'POST'
}, function (res) {
console.log("response: " + res.statusCode);
res.resume();
setTimeout(callNextUrl, delay);
}).on('error', function (e) {
console.log("Got error: " + e.message);
errors++;
});
req.end();
} else {
console.log("Done!");
console.log("Errors: " + errors);
}
};
callNextUrl();
};
3 Likes
Current best practice is:
./launcher enter app
rails c
UserAuthToken.delete_all
Also … for extra safety you could also delete all user api keys used for the app with
UserApiKey.delete_all
3 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.