fix: don't see developer tokens if not within the first 20 results (#4264)

imorland · web-flow · commit 58692be4756e · 2025-11-04T13:24:41.000Z
diff --git a/framework/core/js/src/forum/components/UserSecurityPage.tsx b/framework/core/js/src/forum/components/UserSecurityPage.tsx
@@ -194,14 +194,38 @@ export default class UserSecurityPage<CustomAttrs extends IUserPageAttrs = IUser
   }
 
   loadTokens() {
-    return app.store
+    const userId = this.user!.id()!;
+
+    // Load session tokens
+    const sessionsPromise = app.store
       .find<AccessToken[]>('access-tokens', {
-        filter: { user: this.user!.id()! },
+        filter: {
+          user: userId,
+          '-type': 'developer',
+        },
       })
       .then((tokens) => {
-        this.state.setTokens(tokens);
-        m.redraw();
+        return tokens;
+      });
+
+    // Load developer tokens
+    const developerPromise = app.store
+      .find<AccessToken[]>('access-tokens', {
+        filter: {
+          user: userId,
+          type: 'developer',
+        },
+      })
+      .then((tokens) => {
+        return tokens;
       });
+
+    return Promise.all([sessionsPromise, developerPromise]).then(([sessions, developerTokens]) => {
+      // Combine both arrays
+      const allTokens = [...sessions, ...developerTokens];
+      this.state.setTokens(allTokens);
+      m.redraw();
+    });
   }
 
   terminateAllOtherSessions() {
diff --git a/framework/core/src/Filter/FilterServiceProvider.php b/framework/core/src/Filter/FilterServiceProvider.php
@@ -37,6 +37,7 @@ public function register()
             return [
                 AccessTokenFilterer::class => [
                     HttpFilter\UserFilter::class,
+                    HttpFilter\AccessTokenTypeFilter::class,
                 ],
                 DiscussionFilterer::class => [
                     DiscussionQuery\AuthorFilterGambit::class,
diff --git a/framework/core/src/Http/Filter/AccessTokenTypeFilter.php b/framework/core/src/Http/Filter/AccessTokenTypeFilter.php
@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Http\Filter;
+
+use Flarum\Filter\FilterInterface;
+use Flarum\Filter\FilterState;
+use Flarum\Filter\ValidateFilterTrait;
+
+class AccessTokenTypeFilter implements FilterInterface
+{
+    use ValidateFilterTrait;
+
+    public function getFilterKey(): string
+    {
+        return 'type';
+    }
+
+    public function filter(FilterState $filterState, $filterValue, bool $negate)
+    {
+        $type = $this->asString($filterValue);
+
+        $filterState->getQuery()->where('type', $negate ? '!=' : '=', $type);
+    }
+}
