ONLYOFFICE · AlexeySafronov · Aug 6, 2024 · Apr 25, 2024 · Jul 29, 2024 · Aug 5, 2024
diff --git a/common/ASC.Api.Core/Model/EmployeeFullDto.cs b/common/ASC.Api.Core/Model/EmployeeFullDto.cs
@@ -151,6 +151,10 @@ public class EmployeeFullDto : EmployeeDto
     /// <type>System.Boolean, System</type>
     public bool? IsCustomQuota { get; set; }
 
+    /// <summary>Current login event ID</summary>
+    /// <type>System.Int32, System</type>
+    public int? LoginEventId { get; set; }
+
     public static new EmployeeFullDto GetSample()
     {
         return new EmployeeFullDto

diff --git a/common/ASC.Core.Common/Data/DbLoginEventsManager.cs b/common/ASC.Core.Common/Data/DbLoginEventsManager.cs
@@ -156,13 +156,15 @@ public async Task LogOutAllActiveConnectionsForTenantAsync(int tenantId)
         await InnerLogOutAsync(loginEventContext, loginEvents);
     }
 
-    public async Task LogOutAllActiveConnectionsExceptThisAsync(int loginEventId, int tenantId, Guid userId)
+    public async Task<List<DbLoginEvent>> LogOutAllActiveConnectionsExceptThisAsync(int loginEventId, int tenantId, Guid userId)
     {
         await using var loginEventContext = await dbContextFactory.CreateDbContextAsync();
 
         var loginEvents = await loginEventContext.LoginEventsExceptThisAsync(tenantId, userId, loginEventId).ToListAsync();
 
         await InnerLogOutAsync(loginEventContext, loginEvents);
+
+        return loginEvents;
     }
 
     private async Task InnerLogOutAsync(MessagesContext loginEventContext, List<DbLoginEvent> loginEvents)

diff --git a/common/ASC.Core.Common/Quota/QuotaSocketManager.cs b/common/ASC.Core.Common/Quota/QuotaSocketManager.cs
@@ -65,6 +65,13 @@ public async Task ChangeInvitationLimitValue(int value)
         await MakeRequest("change-invitation-limit-value", new { room, value });
     }
 
+    public async Task LogoutSession(Guid userId, int loginEventId = 0)
+    {
+        var tenantId = await _tenantManager.GetCurrentTenantIdAsync();
+
+        await MakeRequest("logout-session", new { room = $"{tenantId}-{userId}", loginEventId });
+    }
+
     private async Task<string> GetQuotaRoom()
     {
         var tenantId = await _tenantManager.GetCurrentTenantIdAsync();

diff --git a/common/ASC.Socket.IO/app/controllers/files.js b/common/ASC.Socket.IO/app/controllers/files.js
@@ -107,5 +107,10 @@ module.exports = (files) => {
     res.end();
   });
 
+  router.post("/logout-session", (req, res) => {
+    files.logoutSession(req.body);
+    res.end();
+  });
+
   return router;
 };
diff --git a/common/ASC.Socket.IO/app/hubs/files.js b/common/ASC.Socket.IO/app/hubs/files.js
@@ -331,12 +331,17 @@ module.exports = (io) => {
     logger.info(`changed user invitation limit in room ${room}, value ${value}`);
     filesIO.to(room).emit("s:change-invitation-limit-value", value);
   }
-  
+
   function updateHistory({ room, id, type } = {}) {
     logger.info(`update ${type} history ${id} in room ${room}`);
     filesIO.to(room).emit("s:update-history", { id, type });
   }
-
+
+  function logoutSession({ room, loginEventId } = {}) {
+    logger.info(`logout user ${room} session ${loginEventId}`);
+    filesIO.to(room).emit("s:logout-session", loginEventId);
+  }
+
   return {
     startEdit,
     stopEdit,
@@ -354,5 +359,6 @@ module.exports = (io) => {
     markAsNewFolders,
     changeInvitationLimitValue,
     updateHistory,
+    logoutSession
   };
 };
diff --git a/products/ASC.People/Server/Api/UserController.cs b/products/ASC.People/Server/Api/UserController.cs
@@ -26,6 +26,7 @@
 
 using ASC.AuditTrail.Repositories;
 using ASC.AuditTrail.Types;
+using ASC.Core.Security.Authentication;
 
 namespace ASC.People.Api;
 
@@ -34,6 +35,7 @@ public class UserController(
     ICache cache,
     TenantManager tenantManager,
     CookiesManager cookiesManager,
+    CookieStorage cookieStorage,
     CustomNamingPeople customNamingPeople,
     EmployeeDtoHelper employeeDtoHelper,
     EmployeeFullDtoHelper employeeFullDtoHelper,
@@ -1023,6 +1025,8 @@ public async Task<EmployeeFullDto> SelfAsync()
 
         result.Theme = (await settingsManager.LoadForCurrentUserAsync<DarkThemeSettings>()).Theme;
 
+        result.LoginEventId = cookieStorage.GetLoginEventIdFromCookie(cookiesManager.GetCookies(CookiesType.AuthKey));
+
         return result;
     }
 

diff --git a/web/ASC.Web.Api/Api/AuthenticationController.cs b/web/ASC.Web.Api/Api/AuthenticationController.cs
@@ -65,6 +65,7 @@ public class AuthenticationController(
     ApiContext apiContext,
     AuthContext authContext,
     CookieStorage cookieStorage,
+    QuotaSocketManager quotaSocketManager,
     DbLoginEventsManager dbLoginEventsManager,
     BruteForceLoginManager bruteForceLoginManager,
     TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper,
@@ -295,6 +296,7 @@ public async Task<object> LogoutAsync()
         var loginEventId = cookieStorage.GetLoginEventIdFromCookie(cookie);
         var tenantId = await tenantManager.GetCurrentTenantIdAsync();
         await dbLoginEventsManager.LogOutEventAsync(tenantId, loginEventId);
+        await quotaSocketManager.LogoutSession(securityContext.CurrentAccount.ID, loginEventId);
 
         var user = await userManager.GetUsersAsync(securityContext.CurrentAccount.ID);
         var loginName = user.DisplayUserName(false, displayUserSettingsHelper);

diff --git a/web/ASC.Web.Api/Api/ConnectionsController.cs b/web/ASC.Web.Api/Api/ConnectionsController.cs
@@ -46,6 +46,7 @@ public class ConnectionsController(
     MessageService messageService,
     CookiesManager cookiesManager,
     CookieStorage cookieStorage,
+    QuotaSocketManager quotaSocketManager,
     GeolocationHelper geolocationHelper,
     ApiDateTimeHelper apiDateTimeHelper)
     : ControllerBase
@@ -223,7 +224,12 @@ public async Task<object> LogOutAllExceptThisConnection()
             var userName = user.DisplayUserName(false, displayUserSettingsHelper);
             var loginEventFromCookie = GetLoginEventIdFromCookie();
 
-            await dbLoginEventsManager.LogOutAllActiveConnectionsExceptThisAsync(loginEventFromCookie, user.TenantId, user.Id);
+            var loginEvents = await dbLoginEventsManager.LogOutAllActiveConnectionsExceptThisAsync(loginEventFromCookie, user.TenantId, user.Id);
+
+            foreach (var loginEvent in loginEvents)
+            {
+                await quotaSocketManager.LogoutSession(user.Id, loginEvent.Id);
+            }
 
             await messageService.SendAsync(MessageAction.UserLogoutActiveConnections, userName);
             return userName;
@@ -270,6 +276,11 @@ public async Task<bool> LogOutActiveConnection(int loginEventId)
 
             await dbLoginEventsManager.LogOutEventAsync(loginEvent.TenantId, loginEvent.Id);
 
+            if (loginEvent.UserId.HasValue)
+            {
+                await quotaSocketManager.LogoutSession(loginEvent.UserId.Value, loginEvent.Id);
+            }
+
             await messageService.SendAsync(MessageAction.UserLogoutActiveConnection, userName);
             return true;
         }
@@ -289,6 +300,8 @@ private async Task LogOutAllActiveConnections(Guid? userId = null)
 
         await messageService.SendAsync(currentUserId.Equals(user.Id) ? MessageAction.UserLogoutActiveConnections : MessageAction.UserLogoutActiveConnectionsForUser, MessageTarget.Create(user.Id), auditEventDate, userName);
         await cookiesManager.ResetUserCookieAsync(user.Id);
+
+        await quotaSocketManager.LogoutSession(user.Id);
     }
 
     private int GetLoginEventIdFromCookie()