diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 34faad4fa6..0337be36c2 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -687,6 +687,7 @@ class AuthHandler(BaseHandler):
yield self.store.user_delete_threepids(user_id)
yield self.store.user_set_password_hash(user_id, None)
+ @defer.inlineCallbacks
def delete_access_token(self, access_token):
"""Invalidate a single access token
@@ -696,8 +697,19 @@ class AuthHandler(BaseHandler):
Returns:
Deferred
"""
- return self.store.delete_access_token(access_token)
+ user_info = yield self.auth.get_user_by_access_token(access_token)
+ yield self.store.delete_access_token(access_token)
+
+ # see if any of our auth providers want to know about this
+ for provider in self.password_providers:
+ if hasattr(provider, "on_logged_out"):
+ yield provider.on_logged_out(
+ user_id=str(user_info["user"]),
+ device_id=user_info["device_id"],
+ access_token=access_token,
+ )
+ @defer.inlineCallbacks
def delete_access_tokens_for_user(self, user_id, except_token_id=None,
device_id=None):
"""Invalidate access tokens belonging to a user
@@ -712,10 +724,20 @@ class AuthHandler(BaseHandler):
Returns:
Deferred
"""
- return self.store.user_delete_access_tokens(
+ tokens_and_devices = yield self.store.user_delete_access_tokens(
user_id, except_token_id=except_token_id, device_id=device_id,
)
+ # see if any of our auth providers want to know about this
+ for provider in self.password_providers:
+ if hasattr(provider, "on_logged_out"):
+ for token, device_id in tokens_and_devices:
+ yield provider.on_logged_out(
+ user_id=user_id,
+ device_id=device_id,
+ access_token=token,
+ )
+
@defer.inlineCallbacks
def add_threepid(self, user_id, medium, address, validated_at):
# 'Canonicalise' email addresses down to lower case.
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index 65ddefda92..9c4f61da76 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -255,7 +255,8 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
If None, tokens associated with any device (or no device) will
be deleted
Returns:
- defer.Deferred:
+ defer.Deferred[list[str, str|None]]: a list of the deleted tokens
+ and device IDs
"""
def f(txn):
keyvalues = {
@@ -272,14 +273,14 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
values.append(except_token_id)
txn.execute(
- "SELECT token FROM access_tokens WHERE %s" % where_clause,
+ "SELECT token, device_id FROM access_tokens WHERE %s" % where_clause,
values
)
- rows = self.cursor_to_dict(txn)
+ tokens_and_devices = [(r[0], r[1]) for r in txn]
- for row in rows:
+ for token, _ in tokens_and_devices:
self._invalidate_cache_and_stream(
- txn, self.get_user_by_access_token, (row["token"],)
+ txn, self.get_user_by_access_token, (token,)
)
txn.execute(
@@ -287,6 +288,8 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
values
)
+ return tokens_and_devices
+
yield self.runInteraction(
"user_delete_access_tokens", f,
)
|
