forked from MirrorHub/synapse
Remove pushers when deleting access tokens
Whenever an access token is invalidated, we should remove the associated pushers.
This commit is contained in:
parent
97d1a1dc01
commit
2c6d63922a
3 changed files with 32 additions and 18 deletions
|
@ -664,9 +664,6 @@ class AuthHandler(BaseHandler):
|
||||||
yield self.delete_access_tokens_for_user(
|
yield self.delete_access_tokens_for_user(
|
||||||
user_id, except_token_id=except_access_token_id,
|
user_id, except_token_id=except_access_token_id,
|
||||||
)
|
)
|
||||||
yield self.hs.get_pusherpool().remove_pushers_by_user(
|
|
||||||
user_id, except_access_token_id
|
|
||||||
)
|
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def deactivate_account(self, user_id):
|
def deactivate_account(self, user_id):
|
||||||
|
@ -706,6 +703,12 @@ class AuthHandler(BaseHandler):
|
||||||
access_token=access_token,
|
access_token=access_token,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# delete pushers associated with this access token
|
||||||
|
if user_info["token_id"] is not None:
|
||||||
|
yield self.hs.get_pusherpool().remove_pushers_by_access_token(
|
||||||
|
str(user_info["user"]), (user_info["token_id"], )
|
||||||
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def delete_access_tokens_for_user(self, user_id, except_token_id=None,
|
def delete_access_tokens_for_user(self, user_id, except_token_id=None,
|
||||||
device_id=None):
|
device_id=None):
|
||||||
|
@ -728,13 +731,18 @@ class AuthHandler(BaseHandler):
|
||||||
# see if any of our auth providers want to know about this
|
# see if any of our auth providers want to know about this
|
||||||
for provider in self.password_providers:
|
for provider in self.password_providers:
|
||||||
if hasattr(provider, "on_logged_out"):
|
if hasattr(provider, "on_logged_out"):
|
||||||
for token, device_id in tokens_and_devices:
|
for token, token_id, device_id in tokens_and_devices:
|
||||||
yield provider.on_logged_out(
|
yield provider.on_logged_out(
|
||||||
user_id=user_id,
|
user_id=user_id,
|
||||||
device_id=device_id,
|
device_id=device_id,
|
||||||
access_token=token,
|
access_token=token,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# delete pushers associated with the access tokens
|
||||||
|
yield self.hs.get_pusherpool().remove_pushers_by_access_token(
|
||||||
|
user_id, (token_id for _, token_id, _ in tokens_and_devices),
|
||||||
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def add_threepid(self, user_id, medium, address, validated_at):
|
def add_threepid(self, user_id, medium, address, validated_at):
|
||||||
# 'Canonicalise' email addresses down to lower case.
|
# 'Canonicalise' email addresses down to lower case.
|
||||||
|
|
|
@ -103,19 +103,25 @@ class PusherPool:
|
||||||
yield self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
|
yield self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def remove_pushers_by_user(self, user_id, except_access_token_id=None):
|
def remove_pushers_by_access_token(self, user_id, access_tokens):
|
||||||
all = yield self.store.get_all_pushers()
|
"""Remove the pushers for a given user corresponding to a set of
|
||||||
logger.info(
|
access_tokens.
|
||||||
"Removing all pushers for user %s except access tokens id %r",
|
|
||||||
user_id, except_access_token_id
|
Args:
|
||||||
)
|
user_id (str): user to remove pushers for
|
||||||
for p in all:
|
access_tokens (Iterable[int]): access token *ids* to remove pushers
|
||||||
if p['user_name'] == user_id and p['access_token'] != except_access_token_id:
|
for
|
||||||
|
"""
|
||||||
|
tokens = set(access_tokens)
|
||||||
|
for p in (yield self.store.get_pushers_by_user_id(user_id)):
|
||||||
|
if p['access_token'] in tokens:
|
||||||
logger.info(
|
logger.info(
|
||||||
"Removing pusher for app id %s, pushkey %s, user %s",
|
"Removing pusher for app id %s, pushkey %s, user %s",
|
||||||
p['app_id'], p['pushkey'], p['user_name']
|
p['app_id'], p['pushkey'], p['user_name']
|
||||||
)
|
)
|
||||||
yield self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
|
yield self.remove_pusher(
|
||||||
|
p['app_id'], p['pushkey'], p['user_name'],
|
||||||
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_new_notifications(self, min_stream_id, max_stream_id):
|
def on_new_notifications(self, min_stream_id, max_stream_id):
|
||||||
|
|
|
@ -254,8 +254,8 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
|
||||||
If None, tokens associated with any device (or no device) will
|
If None, tokens associated with any device (or no device) will
|
||||||
be deleted
|
be deleted
|
||||||
Returns:
|
Returns:
|
||||||
defer.Deferred[list[str, str|None]]: a list of the deleted tokens
|
defer.Deferred[list[str, int, str|None, int]]: a list of
|
||||||
and device IDs
|
(token, token id, device id) for each of the deleted tokens
|
||||||
"""
|
"""
|
||||||
def f(txn):
|
def f(txn):
|
||||||
keyvalues = {
|
keyvalues = {
|
||||||
|
@ -272,12 +272,12 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
|
||||||
values.append(except_token_id)
|
values.append(except_token_id)
|
||||||
|
|
||||||
txn.execute(
|
txn.execute(
|
||||||
"SELECT token, device_id FROM access_tokens WHERE %s" % where_clause,
|
"SELECT token, id, device_id FROM access_tokens WHERE %s" % where_clause,
|
||||||
values
|
values
|
||||||
)
|
)
|
||||||
tokens_and_devices = [(r[0], r[1]) for r in txn]
|
tokens_and_devices = [(r[0], r[1], r[2]) for r in txn]
|
||||||
|
|
||||||
for token, _ in tokens_and_devices:
|
for token, _, _ in tokens_and_devices:
|
||||||
self._invalidate_cache_and_stream(
|
self._invalidate_cache_and_stream(
|
||||||
txn, self.get_user_by_access_token, (token,)
|
txn, self.get_user_by_access_token, (token,)
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue