From f5e0356fb2a6f3502d725a5d69a0fd1699736b1f Mon Sep 17 00:00:00 2001
From: Bianca Nenciu <nbianca@users.noreply.github.com>
Date: Sun, 2 Sep 2018 09:24:54 +0200
Subject: [PATCH] correct miscellaneous issues with user login history

---
 .../templates/preferences/account.hbs         | 10 +++---
 .../stylesheets/common/base/discourse.scss    | 10 +++---
 app/controllers/users_controller.rb           |  2 +-
 app/serializers/user_auth_token_serializer.rb | 32 +++++++++----------
 spec/models/user_auth_token_spec.rb           | 19 +++++++++++
 spec/requests/users_controller_spec.rb        | 20 ++++++++++++
 .../acceptance/preferences-test.js.es6        |  6 ++++
 7 files changed, 73 insertions(+), 26 deletions(-)

diff --git a/app/assets/javascripts/discourse/templates/preferences/account.hbs b/app/assets/javascripts/discourse/templates/preferences/account.hbs
index 2d1d283337c..a99d9c57f45 100644
--- a/app/assets/javascripts/discourse/templates/preferences/account.hbs
+++ b/app/assets/javascripts/discourse/templates/preferences/account.hbs
@@ -164,16 +164,16 @@
 {{#if canCheckEmails}}
   <div class="control-group pref-auth-tokens">
     <label class="control-label">{{i18n 'user.auth_tokens.title'}}</label>
-    <a {{action "revokeAuthToken"}}>{{d-icon "sign-out"}} {{i18n 'user.auth_tokens.logout'}}</a>
+    <a {{action "revokeAuthToken"}} class="pull-right">{{d-icon "sign-out"}} {{i18n 'user.auth_tokens.logout'}}</a>
     {{#each model.user_auth_tokens as |token|}}
-      <div class="perf-auth-token">
+      <a class="perf-auth-token" {{action "toggleToken" token}}>
         <div class="row auth-token-summary">
           <div class="auth-token-label">
             {{d-icon token.icon}} {{token.device_name}}
             {{#if token.visible}}
-              <a {{action "toggleToken" token}}>{{d-icon "angle-double-up"}}</a>
+              {{d-icon "angle-double-up"}}
             {{else}}
-              <a {{action "toggleToken" token}}>{{d-icon "angle-double-down"}}</a>
+              {{d-icon "angle-double-down"}}
             {{/if}}
           </div>
           <div class="auth-token-value">
@@ -200,7 +200,7 @@
             </div>
           </div>
         {{/if}}
-      </div>
+      </a>
     {{/each}}
   </div>
 {{/if}}
diff --git a/app/assets/stylesheets/common/base/discourse.scss b/app/assets/stylesheets/common/base/discourse.scss
index 49e5cbafda4..6e353803b08 100644
--- a/app/assets/stylesheets/common/base/discourse.scss
+++ b/app/assets/stylesheets/common/base/discourse.scss
@@ -565,11 +565,13 @@ select {
   }
 
   .muted {
-    color: #888;
+    color: $primary-medium;
   }
 
   .perf-auth-token {
-    background: #f9f9f9;
+    background-color: $primary-very-low;
+    color: $primary;
+    display: block;
     padding: 5px;
     margin-bottom: 10px;
   }
@@ -585,12 +587,12 @@ select {
   }
 
   .auth-token-details {
-    background: #fff;
+    background: $secondary;
     padding: 5px 10px;
     margin: 10px 5px 5px 5px;
 
     .auth-token-label {
-      color: #888;
+      color: $primary-medium;
     }
   }
 
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 29dc694d262..a5bf263b949 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1102,7 +1102,7 @@ class UsersController < ApplicationController
     user = fetch_user_from_params
     guardian.ensure_can_edit!(user)
 
-    UserAuthToken.where(user_id: user.id).destroy_all
+    UserAuthToken.where(user_id: user.id).each(&:destroy!)
 
     MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
 
diff --git a/app/serializers/user_auth_token_serializer.rb b/app/serializers/user_auth_token_serializer.rb
index 7e1c21d4460..b9168289cde 100644
--- a/app/serializers/user_auth_token_serializer.rb
+++ b/app/serializers/user_auth_token_serializer.rb
@@ -35,14 +35,14 @@ class UserAuthTokenSerializer < ApplicationSerializer
     case object.user_agent
     when /Android/i
       'Android'
+    when /iPhone|iPad|iPod/i
+      'iOS'
+    when /Macintosh/i
+      'macOS'
     when /Linux/i
       'Linux'
     when /Windows/i
       'Windows'
-    when /Macintosh|Mac OS X|macOS/i
-      'macOS'
-    when /iPhone|iPad|iPod/i
-      'iOS'
     else
       I18n.t('staff_action_logs.unknown')
     end
@@ -52,20 +52,20 @@ class UserAuthTokenSerializer < ApplicationSerializer
     case object.user_agent
     when /Android/i
       I18n.t('user_auth_tokens.devices.android')
-    when /Linux/i
-      I18n.t('user_auth_tokens.devices.linux')
-    when /Windows/i
-      I18n.t('user_auth_tokens.devices.windows')
-    when /Macintosh|Mac OS X|macOS/i
-      I18n.t('user_auth_tokens.devices.mac')
-    when /iPhone/i
-      I18n.t('user_auth_tokens.devices.iphone')
     when /iPad/i
       I18n.t('user_auth_tokens.devices.ipad')
+    when /iPhone/i
+      I18n.t('user_auth_tokens.devices.iphone')
     when /iPod/i
       I18n.t('user_auth_tokens.devices.ipod')
     when /Mobile/i
       I18n.t('user_auth_tokens.devices.mobile')
+    when /Macintosh/i
+      I18n.t('user_auth_tokens.devices.mac')
+    when /Linux/i
+      I18n.t('user_auth_tokens.devices.linux')
+    when /Windows/i
+      I18n.t('user_auth_tokens.devices.windows')
     else
       I18n.t('user_auth_tokens.devices.unknown')
     end
@@ -73,14 +73,14 @@ class UserAuthTokenSerializer < ApplicationSerializer
 
   def icon
     case os
+    when 'Android'
+      'android'
+    when 'macOS', 'iOS'
+      'apple'
     when 'Linux'
       'linux'
     when 'Windows'
       'windows'
-    when 'macOS', 'iOS'
-      'apple'
-    when 'Android'
-      'android'
     else
       'question'
     end
diff --git a/spec/models/user_auth_token_spec.rb b/spec/models/user_auth_token_spec.rb
index e9f8923522b..dce8eec3248 100644
--- a/spec/models/user_auth_token_spec.rb
+++ b/spec/models/user_auth_token_spec.rb
@@ -250,6 +250,25 @@ describe UserAuthToken do
 
   end
 
+  it "calls before_destroy" do
+    SiteSetting.verbose_auth_token_logging = true
+
+    user = Fabricate(:user)
+
+    token = UserAuthToken.generate!(user_id: user.id,
+                                    user_agent: "some user agent",
+                                    client_ip: "1.1.2.3")
+
+    expect(user.user_auth_token_logs.count).to eq(1)
+
+    token.destroy
+
+    expect(user.user_auth_token_logs.count).to eq(2)
+    expect(user.user_auth_token_logs.last.action).to eq("destroy")
+    expect(user.user_auth_token_logs.last.user_agent).to eq("some user agent")
+    expect(user.user_auth_token_logs.last.client_ip).to eq("1.1.2.3")
+  end
+
   it "will not mark token unseen when prev and current are the same" do
     user = Fabricate(:user)
 
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index df71cb77ef5..7960bfd74e6 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -3167,4 +3167,24 @@ describe UsersController do
     end
 
   end
+
+  describe '#revoke_auth_token' do
+
+    context 'while logged in' do
+      before do
+        sign_in(user)
+      end
+
+      it 'logs user out' do
+        expect(user.user_auth_tokens.count).to eq(1)
+
+        post "/u/#{user.username}/preferences/revoke-auth-token.json"
+
+        expect(response.status).to eq(200)
+        expect(user.user_auth_tokens.count).to eq(0)
+      end
+
+    end
+
+  end
 end
diff --git a/test/javascripts/acceptance/preferences-test.js.es6 b/test/javascripts/acceptance/preferences-test.js.es6
index 66d3269b211..730cc638ed8 100644
--- a/test/javascripts/acceptance/preferences-test.js.es6
+++ b/test/javascripts/acceptance/preferences-test.js.es6
@@ -211,6 +211,12 @@ QUnit.test("default avatar selector", async assert => {
   );
 });
 
+QUnit.test("email field always shows up", async assert => {
+  await visit("/u/eviltrout/preferences");
+
+  assert.ok(exists(".pref-auth-tokens"), "it shows the auth tokens");
+});
+
 acceptance("Avatar selector when selectable avatars is enabled", {
   loggedIn: true,
   settings: { selectable_avatars_enabled: true },