Merge pull request #1263 from turt2live/travis/logout_all

Document /logout/all

api/client-server/logout.yaml

@@ -44,3 +44,26 @@ paths:
             properties: {}
       tags:
         - Session management
+  "/logout/all":
+    post:
+      summary: Invalidates all access tokens for a user
+      description: |-
+        Invalidates all access tokens for a user, so that they can no longer be used for
+        authorization. This includes the access token that made this request. 
+
+        This endpoint does not require UI authorization because UI authorization is
+        designed to protect against attacks where the someone gets hold of a single access
+        token then takes over the account. This endpoint invalidates all access tokens for
+        the user, including the token used in the request, and therefore the attacker is
+        unable to take over the account in this way.
+      operationId: logout_all
+      security:
+        - accessToken: []
+      responses:
+        200:
+          description: The user's access tokens were succesfully invalidated.
+          schema:
+            type: object
+            properties: {}
+      tags:
+        - Session management

changelogs/client_server.rst

@@ -48,6 +48,8 @@ Unreleased changes
     (`#1142 <https://github.com/matrix-org/matrix-doc/pull/1142>`_).
   - Add the ``/register/available`` endpoint for username availability
     (`#1151 <https://github.com/matrix-org/matrix-doc/pull/1151>`_).
+  - Document ``/logout/all`` endpoint
+    (`#1263 <https://github.com/matrix-org/matrix-doc/pull/1263>`_).
 
 r0.3.0
 ======