From 21ed45188267791148be9fc302ba8aaf1ddd7c00 Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Tue, 16 Jul 2024 12:15:21 +0200
Subject: [PATCH] Kill all sessions when deactivating a user
---
 crates/tasks/src/user.rs | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/crates/tasks/src/user.rs b/crates/tasks/src/user.rs
index fe64b6c16..7fd711ff8 100644
--- a/crates/tasks/src/user.rs
+++ b/crates/tasks/src/user.rs
@@ -15,8 +15,10 @@
 use anyhow::Context;
 use apalis_core::{context::JobContext, executor::TokioExecutor, monitor::Monitor};
 use mas_storage::{
+ compat::CompatSessionFilter,
 job::{DeactivateUserJob, JobWithSpanContext, ReactivateUserJob},
- user::UserRepository,
+ oauth2::OAuth2SessionFilter,
+ user::{BrowserSessionFilter, UserRepository},
 RepositoryAccess,
 };
 use tracing::info;
@@ -52,7 +54,33 @@ async fn deactivate_user(
 .await
 .context("Failed to lock user")?;
 
- // TODO: delete the sessions & access tokens
+ // Kill all sessions for the user
+ let n = repo
+ .browser_session()
+ .finish_bulk(
+ &clock,
+ BrowserSessionFilter::new().for_user(&user).active_only(),
+ )
+ .await?;
+ info!(affected = n, "Killed all browser sessions for user");
+
+ let n = repo
+ .oauth2_session()
+ .finish_bulk(
+ &clock,
+ OAuth2SessionFilter::new().for_user(&user).active_only(),
+ )
+ .await?;
+ info!(affected = n, "Killed all OAuth 2.0 sessions for user");
+
+ let n = repo
+ .compat_session()
+ .finish_bulk(
+ &clock,
+ CompatSessionFilter::new().for_user(&user).active_only(),
+ )
+ .await?;
+ info!(affected = n, "Killed all compatibility sessions for user");
 
 // Before calling back to the homeserver, commit the changes to the database, as
 // we want the user to be locked out as soon as possible
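Review bot: The removed TODO in `deactivate_user` covered access tokens as well as sessions, but the new code only finishes sessions and does not say why that is sufficient. If the token validation path (not visible in this hunk) rejects tokens whose session is finished, record that next to the first call, e.g. `// Finishing a session also invalidates its access and refresh tokens, so no separate revocation is needed`; if it does not, already-issued tokens would stay usable after deactivation and still need handling here. Separately, the three `finish_bulk(...).await?` calls propagate errors bare while the lock step just above uses `.context("Failed to lock user")`, so a failed job will not say which session type could not be ended; `.await.context("Failed to finish browser sessions")?;` and the equivalents for the OAuth 2.0 and compatibility calls would match the existing style. The function body starts and ends outside the hunk.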