Oauth endpoint surge token deletion #1270
Summary
Old mr !436 (closed) Closes #1270
Currently on the mobile app if you log into one account, then log out and into a different account, you will still receive push notifications for the first account.
This is because the Surge tokens (used for push notifications) that we use on the backend are not deleted on logout.
Steps
Video https://streamable.com/979cr
This is not the most straightforward feature to test, you will need to be set up on postman, and need to use kubectl exec -it
to check Cassandra on the review site.
- Open up Postman.
- Set up a set of environmental variables that point to this sandbox. For more information see here: https://developers.minds.com/docs/walk-throughs/postman/
- Navigate to
POST v2 oauth token
- Send the request - it will return your token.
- COPY the token to a text editor, keep it handy.
- On postman head over to
POST api v1 notifications
. - In the params, replace the token with your token. Hit send.
This should set the Surge token in Cassandra, so lets check.
- Get your user GUID (loading your channel on sandbox, watch the XHRs, filter channel, and get your GUID from the response)
- kubectl into the container
- Open cassandra (kubectl exec -it cassandra-0 cqlsh)
- Run
select * from minds.entities where key='1017892315210977294' AND column1='surge_token';
, replacing my GUID with your own. - There should be a value for the surge token.
- Now go to
DELETE v2 oauth token
, click theAuth
tab, and replace the bearer token with your own from your text editor. - Hit send, it should return a 200 with no body
- Re-run the cassandra command. Surge token should be gone.
Regression Scope
Changes v Impact
- Session\Manager - limited to the destroy functionality, so would affect anything that destroys a session (e.g. logging out).
- Entities\User - added functions and an exported value, I don't foresee any issues here.
Please register or sign in to reply