693: Logout of all sessions card

[angelayu0530]

693

changes

Description of changes

Checklist before review

• I have done a thorough self-review of the PR
• Copilot has reviewed my latest changes, and all comments have been fixed and/or closed.
• If I have made database changes, I have made sure I followed all the db repo rules listed in the wiki here. (check if no db changes)
• All tests have passed
• I have successfully deployed this PR to staging
• I have done manual QA in both dev (and staging if possible) and attached screenshots below.

Screenshots

Dev

Screen.Recording.2026-01-31.at.4.44.30.PM.mov

Staging

Screen.Recording.2026-01-31.at.5.09.24.PM.mov

[github-actions]

Available PR Commands

• /ai - Triggers all AI review commands at once
• /review - AI review of the PR changes
• /describe - AI-powered description of the PR
• /improve - AI-powered suggestions
• /deploy - Deploy to staging

See: https://github.com/tahminator/codebloom/wiki/CI-Commands

[github-actions]

Title

693: Logout of all sessions card

---

PR Type

Enhancement

---

Description

• Add logout-all-sessions settings card

• Implement confirmation modal with actions

• Wire button to /api/auth/logout/all endpoint

• Integrate card into settings stack

---

Diagram Walkthrough

flowchart LR
  settings["Settings.page.tsx"]
  card["LogoutAllSessionsCard.tsx"]
  modal["LogoutAllSessionsModal.tsx"]
  endpoint["GET /api/auth/logout/all"]

  settings -- "renders" --> card
  card -- "opens" --> modal
  modal -- "Confirm action" --> endpoint

Loading

File Walkthrough

Relevant files

Enhancement

Settings.page.tsx Integrate logout-all-sessions card into settings                  js/src/app/settings/Settings.page.tsx Import new LogoutAllSessionsCard. Render card within settings stack. +2/-0      LogoutAllSessionsCard.tsx New settings card to trigger logout-all-sessions                  js/src/app/settings/_components/LogoutAllSessionsCard.tsx Add card UI with title, text, and button. Manage modal open state with toggle handler. Include LogoutAllSessionsModal controlled by state. +30/-0    LogoutAllSessionsModal.tsx Confirmation modal for logging out all sessions                    js/src/app/settings/_components/LogoutAllSessionsModal.tsx Implement confirmation modal UI and controls. Provide cancel and confirm actions. Link confirm to /api/auth/logout/all with reload. +40/-0

---

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns CSRF and HTTP verb: Logging out all sessions is a state-changing action; initiating it via a navigational link likely issues a GET request. Ensure the backend requires a POST/DELETE with CSRF protection or another anti-forgery mechanism. If GET is used, it could be vulnerable to CSRF via simple link/image loads.

⚡ Recommended focus areas for review REST Flow The destructive action is triggered via a client-side link to '/api/auth/logout/all' with a full document reload. Confirm this follows existing API patterns (HTTP method, CSRF protections) and that a non-idempotent action isn't performed via GET navigation. <Button component={Link} to={"/api/auth/logout/all"} reloadDocument color="red" > Log Out All Sessions </Button> UX Consistency Using 'reloadDocument' navigates away abruptly; verify it matches the Settings page pattern (e.g., using fetch/mutation + toast + redirect) and preserves styling/behavior of other cards/modals. component={Link} to={"/api/auth/logout/all"} reloadDocument color="red" > Accessibility Ensure modal focus management and aria labels are handled by Mantine; consider adding an aria-label to the CloseButton and confirming initial focus on open. <Button mt="sm" color="red" onClick={toggleModal}> Log Out All Sessions </Button> </Box> <LogoutAllSessionsModal enabled={modalOpen} toggle={toggleModal} /> </Box>

[angelayu0530]

/deploy

[github-actions]

The command to deploy to staging for the commit 8cf0c3e has been triggered. View action run

[github-actions]

Staging deployment failed for commit 8cf0c3e

View run

[angelayu0530]

/deploy

[github-actions]

The command to deploy to staging for the commit f375ccd has been triggered. View action run

[github-actions]

Staging deployment succeeded for commit f375ccd

View run

[angelayu0530]

/deploy

[github-actions]

The command to deploy to staging for the commit 3a3db7c has been triggered. View action run

[github-actions]

Staging deployment succeeded for commit 3a3db7c

View run

[angelayu0530]

/deploy

[github-actions]

The command to deploy to staging for the commit 3a3db7c has been triggered. View action run

[github-actions]

Staging deployment succeeded for commit 3a3db7c

View run

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!