improve session cards

kilbot · kilbot · commit 8deafc251fa4 · 2025-11-15T18:08:31.000+01:00
diff --git a/includes/Services/Auth.php b/includes/Services/Auth.php
@@ -479,60 +479,6 @@ public function revoke_all_refresh_tokens( int $user_id ): bool {
 		return delete_user_meta( $user_id, '_woocommerce_pos_refresh_tokens' );
 	}
 
-	/**
-	 * Store refresh token JTI for tracking/revocation.
-	 *
-	 * @param int    $user_id
-	 * @param string $jti
-	 * @param int    $expires
-	 */
-	private function store_refresh_token_jti( int $user_id, string $jti, int $expires ): void {
-		$refresh_tokens = get_user_meta( $user_id, '_woocommerce_pos_refresh_tokens', true );
-		if ( ! \is_array( $refresh_tokens ) ) {
-			$refresh_tokens = array();
-		}
-
-		// Clean up expired tokens
-		$refresh_tokens = array_filter( $refresh_tokens, function( $token ) {
-			return $token['expires'] > time();
-		});
-
-		// Capture session metadata
-		$current_time = time();
-		$ip_address   = $this->get_client_ip();
-		$user_agent   = isset( $_SERVER['HTTP_USER_AGENT'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ) : '';
-		$device_info  = $this->parse_user_agent( $user_agent );
-
-		// Add new token with metadata
-		$refresh_tokens[ $jti ] = array(
-			'expires'     => $expires,
-			'created'     => $current_time,
-			'last_active' => $current_time,
-			'ip_address'  => $ip_address,
-			'user_agent'  => $user_agent,
-			'device_info' => $device_info,
-		);
-
-		update_user_meta( $user_id, '_woocommerce_pos_refresh_tokens', $refresh_tokens );
-	}
-
-	/**
-	 * Check if refresh token is still valid (not revoked).
-	 *
-	 * @param int    $user_id
-	 * @param string $jti
-	 *
-	 * @return bool
-	 */
-	private function is_refresh_token_valid( int $user_id, string $jti ): bool {
-		$refresh_tokens = get_user_meta( $user_id, '_woocommerce_pos_refresh_tokens', true );
-		if ( ! \is_array( $refresh_tokens ) ) {
-			return false;
-		}
-
-		return isset( $refresh_tokens[ $jti ] ) && $refresh_tokens[ $jti ]['expires'] > time();
-	}
-
 	/**
 	 * Get all active sessions for a user.
 	 *
@@ -557,11 +503,11 @@ public function get_user_sessions( int $user_id ): array {
 
 			$sessions[] = array(
 				'jti'         => $jti,
-				'created'     => $token_data['created'] ?? $current_time,
+				'created'     => $token_data['created']     ?? $current_time,
 				'last_active' => $token_data['last_active'] ?? $token_data['created'] ?? $current_time,
 				'expires'     => $token_data['expires'],
-				'ip_address'  => $token_data['ip_address'] ?? '',
-				'user_agent'  => $token_data['user_agent'] ?? '',
+				'ip_address'  => $token_data['ip_address']  ?? '',
+				'user_agent'  => $token_data['user_agent']  ?? '',
 				'device_info' => $token_data['device_info'] ?? array(),
 			);
 		}
@@ -655,6 +601,103 @@ public function can_manage_user_sessions( int $target_user_id ): bool {
 		return false;
 	}
 
+	/**
+	 * Blacklist an access token by JTI (for instant revocation).
+	 *
+	 * @param string $jti Access token JTI.
+	 * @param int    $ttl Time to live in seconds (until token expires).
+	 *
+	 * @return bool
+	 */
+	public function blacklist_access_token( string $jti, int $ttl ): bool {
+		if ( empty( $jti ) ) {
+			return false;
+		}
+
+		// Use transient with TTL matching token expiration
+		return set_transient( "wcpos_blacklist_{$jti}", true, $ttl );
+	}
+
+	/**
+	 * Revoke session and blacklist current access token.
+	 *
+	 * @param int    $user_id
+	 * @param string $refresh_jti Refresh token JTI.
+	 * @param string $access_jti  Optional access token JTI to blacklist immediately.
+	 *
+	 * @return bool
+	 */
+	public function revoke_session_with_blacklist( int $user_id, string $refresh_jti, string $access_jti = '' ): bool {
+		// Revoke the refresh token (session)
+		$revoked = $this->revoke_session( $user_id, $refresh_jti );
+
+		// Blacklist the current access token if provided
+		if ( $revoked && ! empty( $access_jti ) ) {
+			// Calculate TTL - access tokens expire in 30 minutes by default
+			$issued_at = time();
+			$expire    = apply_filters( 'woocommerce_pos_jwt_access_token_expire', $issued_at + ( HOUR_IN_SECONDS / 2 ), $issued_at );
+			$ttl       = max( 0, $expire - $issued_at );
+
+			$this->blacklist_access_token( $access_jti, $ttl );
+		}
+
+		return $revoked;
+	}
+
+	/**
+	 * Store refresh token JTI for tracking/revocation.
+	 *
+	 * @param int    $user_id
+	 * @param string $jti
+	 * @param int    $expires
+	 */
+	private function store_refresh_token_jti( int $user_id, string $jti, int $expires ): void {
+		$refresh_tokens = get_user_meta( $user_id, '_woocommerce_pos_refresh_tokens', true );
+		if ( ! \is_array( $refresh_tokens ) ) {
+			$refresh_tokens = array();
+		}
+
+		// Clean up expired tokens
+		$refresh_tokens = array_filter( $refresh_tokens, function( $token ) {
+			return $token['expires'] > time();
+		});
+
+		// Capture session metadata
+		$current_time = time();
+		$ip_address   = $this->get_client_ip();
+		$user_agent   = isset( $_SERVER['HTTP_USER_AGENT'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ) : '';
+		$device_info  = $this->parse_user_agent( $user_agent );
+
+		// Add new token with metadata
+		$refresh_tokens[ $jti ] = array(
+			'expires'     => $expires,
+			'created'     => $current_time,
+			'last_active' => $current_time,
+			'ip_address'  => $ip_address,
+			'user_agent'  => $user_agent,
+			'device_info' => $device_info,
+		);
+
+		update_user_meta( $user_id, '_woocommerce_pos_refresh_tokens', $refresh_tokens );
+	}
+
+	/**
+	 * Check if refresh token is still valid (not revoked).
+	 *
+	 * @param int    $user_id
+	 * @param string $jti
+	 *
+	 * @return bool
+	 */
+	private function is_refresh_token_valid( int $user_id, string $jti ): bool {
+		$refresh_tokens = get_user_meta( $user_id, '_woocommerce_pos_refresh_tokens', true );
+		if ( ! \is_array( $refresh_tokens ) ) {
+			return false;
+		}
+
+		return isset( $refresh_tokens[ $jti ] ) && $refresh_tokens[ $jti ]['expires'] > time();
+	}
+
 	/**
 	 * Get client IP address.
 	 *
@@ -675,10 +718,11 @@ private function get_client_ip(): string {
 			if ( ! empty( $_SERVER[ $header ] ) ) {
 				$ip_address = sanitize_text_field( wp_unslash( $_SERVER[ $header ] ) );
 				// Handle comma-separated IPs (X-Forwarded-For can contain multiple IPs)
-				if ( strpos( $ip_address, ',' ) !== false ) {
+				if ( false !== strpos( $ip_address, ',' ) ) {
 					$ip_parts   = explode( ',', $ip_address );
 					$ip_address = trim( $ip_parts[0] );
 				}
+
 				break;
 			}
 		}
@@ -712,28 +756,35 @@ private function parse_user_agent( string $user_agent ): array {
 		}
 
 		// Detect WooCommerce POS apps first (custom identifiers)
-		// Your apps should add identifiers like: "WCPOS-iOS/1.0.0" or "WooCommercePOS-iOS/1.0.0"
-		if ( preg_match( '/WCPOS[-_]?iOS|WooCommercePOS[-_]?iOS/i', $user_agent ) ) {
+		// Check for Electron app (including just "WooCommercePOS" in user agent with Electron)
+		if ( preg_match( '/Electron/i', $user_agent ) && preg_match( '/WooCommercePOS|WCPOS/i', $user_agent ) ) {
+			$device_info['app_type']    = 'electron_app';
+			$device_info['browser']     = 'WooCommerce POS';
+			$device_info['device_type'] = 'desktop';
+			// Try to extract WooCommercePOS version
+			if ( preg_match( '/WooCommercePOS[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
+				$device_info['browser_version'] = $matches[1];
+			} elseif ( preg_match( '/WCPOS[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
+				$device_info['browser_version'] = $matches[1];
+			}
+		} elseif ( preg_match( '/WCPOS[-_]?iOS|WooCommercePOS[-_]?iOS/i', $user_agent ) ) {
 			$device_info['app_type']     = 'ios_app';
 			$device_info['browser']      = 'WooCommerce POS';
-			$device_info['device_type']  = preg_match( '/ipad/i', $user_agent ) ? 'tablet' : 'mobile';
+			// Default to tablet unless explicitly detected as phone
+			$device_info['device_type']  = preg_match( '/iphone|ipod/i', $user_agent ) ? 'mobile' : 'tablet';
 			if ( preg_match( '/WCPOS[-_]?iOS[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
 				$device_info['browser_version'] = $matches[1];
+			} elseif ( preg_match( '/WooCommercePOS[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
+				$device_info['browser_version'] = $matches[1];
 			}
 		} elseif ( preg_match( '/WCPOS[-_]?Android|WooCommercePOS[-_]?Android/i', $user_agent ) ) {
 			$device_info['app_type']     = 'android_app';
 			$device_info['browser']      = 'WooCommerce POS';
-			$device_info['device_type']  = preg_match( '/tablet/i', $user_agent ) ? 'tablet' : 'mobile';
+			// Default to tablet unless explicitly detected as mobile
+			$device_info['device_type']  = preg_match( '/mobile/i', $user_agent ) && ! preg_match( '/tablet/i', $user_agent ) ? 'mobile' : 'tablet';
 			if ( preg_match( '/WCPOS[-_]?Android[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
 				$device_info['browser_version'] = $matches[1];
-			}
-		} elseif ( preg_match( '/WCPOS[-_]?Electron|WooCommercePOS[-_]?Electron|Electron.*WCPOS/i', $user_agent ) ) {
-			$device_info['app_type']    = 'electron_app';
-			$device_info['browser']     = 'WooCommerce POS';
-			$device_info['device_type'] = 'desktop';
-			if ( preg_match( '/WCPOS[-_]?Electron[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
-				$device_info['browser_version'] = $matches[1];
-			} elseif ( preg_match( '/Electron\/([0-9.]+)/i', $user_agent, $matches ) ) {
+			} elseif ( preg_match( '/WooCommercePOS[\/\s]([0-9.]+)/i', $user_agent, $matches ) ) {
 				$device_info['browser_version'] = $matches[1];
 			}
 		}
@@ -798,23 +849,6 @@ private function parse_user_agent( string $user_agent ): array {
 		return $device_info;
 	}
 
-	/**
-	 * Blacklist an access token by JTI (for instant revocation).
-	 *
-	 * @param string $jti Access token JTI.
-	 * @param int    $ttl Time to live in seconds (until token expires).
-	 *
-	 * @return bool
-	 */
-	public function blacklist_access_token( string $jti, int $ttl ): bool {
-		if ( empty( $jti ) ) {
-			return false;
-		}
-
-		// Use transient with TTL matching token expiration
-		return set_transient( "wcpos_blacklist_{$jti}", true, $ttl );
-	}
-
 	/**
 	 * Check if an access token is blacklisted.
 	 *
@@ -830,30 +864,4 @@ private function is_access_token_blacklisted( string $jti ): bool {
 		// Check transient
 		return false !== get_transient( "wcpos_blacklist_{$jti}" );
 	}
-
-	/**
-	 * Revoke session and blacklist current access token.
-	 *
-	 * @param int    $user_id
-	 * @param string $refresh_jti Refresh token JTI.
-	 * @param string $access_jti Optional access token JTI to blacklist immediately.
-	 *
-	 * @return bool
-	 */
-	public function revoke_session_with_blacklist( int $user_id, string $refresh_jti, string $access_jti = '' ): bool {
-		// Revoke the refresh token (session)
-		$revoked = $this->revoke_session( $user_id, $refresh_jti );
-
-		// Blacklist the current access token if provided
-		if ( $revoked && ! empty( $access_jti ) ) {
-			// Calculate TTL - access tokens expire in 30 minutes by default
-			$issued_at = time();
-			$expire    = apply_filters( 'woocommerce_pos_jwt_access_token_expire', $issued_at + ( HOUR_IN_SECONDS / 2 ), $issued_at );
-			$ttl       = max( 0, $expire - $issued_at );
-
-			$this->blacklist_access_token( $access_jti, $ttl );
-		}
-
-		return $revoked;
-	}
 }
diff --git a/packages/settings/src/screens/sessions/session-card.tsx b/packages/settings/src/screens/sessions/session-card.tsx
@@ -45,40 +45,42 @@ const SessionCard: React.FC<SessionCardProps> = ({ session, onDelete, isDeleting
 	};
 
 	const getDeviceIcon = (deviceInfo: Session['device_info']) => {
-		// Check app type first for native apps
+		// Check app type first
 		switch (deviceInfo.app_type) {
 			case 'ios_app':
-				return '📱'; // iOS app icon
+				// Default to tablet for iOS unless explicitly iPhone
+				return deviceInfo.device_type === 'mobile' ? '📱' : '📲';
 			case 'android_app':
-				return '🤖'; // Android app icon
+				// Default to tablet for Android unless explicitly mobile
+				return deviceInfo.device_type === 'mobile' ? '📱' : '📲';
 			case 'electron_app':
-				return '🖥️'; // Desktop app icon
+				return '💻'; // Desktop app icon
 			case 'web':
 			default:
-				// Fall back to device type for web browsers
+				// Web browser - use globe for desktop, phone/tablet for mobile
 				switch (deviceInfo.device_type) {
 					case 'mobile':
 						return '📱';
 					case 'tablet':
 						return '📲';
 					case 'desktop':
 					default:
-						return '💻';
+						return '🌐'; // Globe icon for web
 				}
 		}
 	};
 
 	const getAppTypeLabel = (appType?: string) => {
 		switch (appType) {
 			case 'ios_app':
-				return t('iOS App', { _tags: 'wp-admin-settings' });
+				return t('iOS Application', { _tags: 'wp-admin-settings' });
 			case 'android_app':
-				return t('Android App', { _tags: 'wp-admin-settings' });
+				return t('Android Application', { _tags: 'wp-admin-settings' });
 			case 'electron_app':
-				return t('Desktop App', { _tags: 'wp-admin-settings' });
+				return t('Desktop Application', { _tags: 'wp-admin-settings' });
 			case 'web':
 			default:
-				return t('Web', { _tags: 'wp-admin-settings' });
+				return t('Web Application', { _tags: 'wp-admin-settings' });
 		}
 	};
 
@@ -129,16 +131,17 @@ const SessionCard: React.FC<SessionCardProps> = ({ session, onDelete, isDeleting
 						{/* Title and button */}
 						<div className="wcpos:flex wcpos:items-start wcpos:justify-between wcpos:gap-2">
 							<div className="wcpos:flex-1">
-								<h3 className="wcpos:font-medium wcpos:text-sm wcpos:text-gray-900 wcpos:leading-tight">
-									{session.device_info.browser}{' '}
+								<h3 className="wcpos:font-semibold wcpos:text-sm wcpos:text-gray-900 wcpos:leading-tight">
+									{getAppTypeLabel(session.device_info.app_type)}
 									{session.device_info.browser_version && (
 										<span className="wcpos:text-gray-500 wcpos:font-normal wcpos:text-xs">
+											{' '}
 											{session.device_info.browser_version}
 										</span>
 									)}
 								</h3>
 								<p className="wcpos:text-xs wcpos:text-gray-600 wcpos:mt-0.5">
-									{session.device_info.os}
+									{session.device_info.browser} • {session.device_info.os}
 								</p>
 							</div>
 
@@ -157,23 +160,8 @@ const SessionCard: React.FC<SessionCardProps> = ({ session, onDelete, isDeleting
 							)}
 						</div>
 
-						{/* Platform badge and last active */}
+						{/* Last active */}
 						<div className="wcpos:flex wcpos:items-center wcpos:gap-2 wcpos:mt-2 wcpos:mb-2">
-							<span
-								className={classNames(
-									'wcpos:inline-flex wcpos:items-center wcpos:px-1.5 wcpos:py-0.5 wcpos:rounded wcpos:text-xs wcpos:font-medium',
-									session.device_info.app_type === 'web'
-										? 'wcpos:bg-blue-100 wcpos:text-blue-800'
-										: session.device_info.app_type === 'ios_app'
-										? 'wcpos:bg-purple-100 wcpos:text-purple-800'
-										: session.device_info.app_type === 'android_app'
-										? 'wcpos:bg-green-100 wcpos:text-green-800'
-										: 'wcpos:bg-gray-100 wcpos:text-gray-800'
-								)}
-							>
-								{getAppTypeLabel(session.device_info.app_type)}
-							</span>
-							<span className="wcpos:text-xs wcpos:text-gray-400">•</span>
 							<span className="wcpos:text-xs wcpos:text-gray-600">
 								{getTimeAgo(session.last_active)}
 							</span>
