feat: implement force logout event and update navigation redirects

2026-03-05 09:52:19 -05:00
parent 992dd8423f
commit ccfc710753
8 changed files with 38 additions and 10 deletions
--- a/backend/api/auth_api.py
+++ b/backend/api/auth_api.py
@@ -14,6 +14,10 @@ from werkzeug.security import generate_password_hash, check_password_hash

 from api.utils import sanitize_email
 from config.paths import get_user_image_dir
+from events.sse import send_event_to_user
+from events.types.event import Event
+from events.types.event_types import EventType
+from events.types.payload import Payload

 from api.error_codes import (
    MISSING_FIELDS, EMAIL_EXISTS, MISSING_TOKEN, INVALID_TOKEN, TOKEN_TIMESTAMP_MISSING,
@@ -359,6 +363,9 @@ def reset_password():
    # Invalidate ALL refresh tokens for this user
    refresh_tokens_db.remove(TokenQuery.user_id == user.id)

+    # Notify all active sessions (other tabs/devices) to sign out immediately
+    send_event_to_user(user.id, Event(EventType.FORCE_LOGOUT.value, Payload({})))
+
    resp = jsonify({'message': 'Password has been reset'})
    _clear_auth_cookies(resp)
    return resp, 200
--- a/backend/events/types/event_types.py
+++ b/backend/events/types/event_types.py
@@ -27,3 +27,5 @@ class EventType(Enum):
    CHORE_SCHEDULE_MODIFIED = "chore_schedule_modified"
    CHORE_TIME_EXTENDED = "chore_time_extended"
    CHILD_CHORE_CONFIRMATION = "child_chore_confirmation"
+
+    FORCE_LOGOUT = "force_logout"