Surge token deletion on logout #1270
Summary
Closes #1270
Currently on the mobile app if you log into one account, then log out and into a different account, you will still receive push notifications for the first account.
This is because the Surge tokens (used for push notifications) that we use on the backend are not deleted on logout.
Steps
To hammer out with @brianhatchet and @msantang78. This is going to likely be tricky to test as we do not digest push notifications on the front-end, just the mobile app. This may require us using a manual build of the app and plugging it into the associated sandbox.
I would recommend testing sessions and account swapping/triggering notifications.
Regression Scope
Changes v Impact
- api/v1/notifications - Simple change, setting the token on notif POST (from mobile).
- Session\Manager - limited to the destroy functionality, so would affect anything that destroys a session (e.g. logging out).
- Entities\User - added functions and an exported value, I don't foresee any issues here.
added scoped labels
![Ben Hayward](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200"><rect fill-opacity="0"/></svg>)
DeveloperSet to blocked pending chat with Brian and Martin.
assigned to @brianhatchet, @msantang78, and @benhayward.ben
DeveloperTesting on the app requires two things that we don't have.
- An ability to change the base url in the app for testing purposes.
- The ability to push notifications from the review sites.
So, let's add some logging to show the push notifications going out so we can verify the body of the notification. Once we're sure the logging works, we'll verify it on staging
added scoped label and automatically removed label
146 146 'service' => $service, 147 147 'token' => $passed_token 148 148 ]); 149 150 Core\Session::getLoggedInUser() 151 ->setSurgeToken($token) 152 ->save(); - Developer
We need to dump notification JSON do it in notifications file, but behind developer mode or feature flag.
1227 1228 'toaster_notifications', 1228 1229 'mode', 1229 1230 'btc_address', 1231 'surge_token', ![Emiliano Balbuena](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="80" height="80"><rect fill-opacity="0"/></svg>)
DeveloperI'm not sure if we actually need to export surge_token. This will make it visible to the public.
246 247 public function destroy($all = false) 247 248 { 248 249 if ($this->session) { 249 $this->repository->delete($this->session, $all); 250 if (!$this->user) { 251 // If no user set grab from session. 252 $this->user = new User($this->session->getLoggedInUser()); - Developer
Set the User constructor 2nd parameter to
falseto disable fetching cached entity.new User(..., false);
- Developer
Added a couple of feedback items, @benhayward.ben
added scoped label and automatically removed label
![:speech_balloon:](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64"><rect fill-opacity="0"/></svg> ":speech_balloon:"){kind=small}