Oauth endpoint surge token deletion #1270
Summary
Old mr !436 (closed) Closes #1270
Currently on the mobile app if you log into one account, then log out and into a different account, you will still receive push notifications for the first account.
This is because the Surge tokens (used for push notifications) that we use on the backend are not deleted on logout.
Steps
Video https://streamable.com/979cr
This is not the most straightforward feature to test, you will need to be set up on Postman, and need to use kubectl exec -it to check Cassandra on the review site.
- Open up Postman.
- Set up a set of environmental variables that point to this sandbox. For more information see here: https://developers.minds.com/docs/walk-throughs/postman/
- Navigate to POST v2 oauth token.
- Send the request - it will return your token.
- COPY the token to a text editor, keep it handy.
- On Postman head over to POST api v1 notifications.
- In the params, replace the token with your token. Hit send.

This should set the Surge token in Cassandra, so let's check.
- Get your user GUID (loading your channel on sandbox, watch the XHRs, filter channel, and get your GUID from the response)
- kubectl into the container
- Open Cassandra (kubectl exec -it cassandra-0 cqlsh)
- Run the following, replacing my GUID with your own:
select * from minds.entities where key='1017892315210977294' AND column1='surge_token';
- There should be a value for the surge token.
- Now go to DELETE v2 oauth token, click the Auth tab, and replace the bearer token with your own from your text editor.
- Hit send, it should return a 200 with no body
- Re-run the Cassandra command. Surge token should be gone.
Regression Scope
Changes v Impact
- Session\Manager - limited to the destroy functionality, so would affect anything that destroys a session (e.g. logging out).
- Entities\User - added functions and an exported value, I don't foresee any issues here.
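The behaviour this merge request changes, as an added example that is not code from the merge request or from the Minds engine: a small in-memory model in which destroying a session either leaves or deletes the user's surge_token row. EntityStore, destroySession, pushTargets, the GUIDs and the token values are hypothetical names and constructed sample data.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for the minds.entities rows checked in the steps above:
// rows are keyed by user GUID, then by column name (e.g. 'surge_token').
final class EntityStore
{
    private array $rows = [];

    public function set(string $guid, string $column, string $value): void
    {
        $this->rows[$guid][$column] = $value;
    }

    public function get(string $guid, string $column): ?string
    {
        return $this->rows[$guid][$column] ?? null;
    }

    public function delete(string $guid, string $column): void
    {
        unset($this->rows[$guid][$column]);
    }
}

// Hypothetical logout handler; $revokePushToken = false models the pre-fix behaviour.
function destroySession(EntityStore $store, array &$sessions, string $bearer, bool $revokePushToken): void
{
    $guid = $sessions[$bearer] ?? null;
    unset($sessions[$bearer]); // the bearer token is always revoked
    if ($guid !== null && $revokePushToken) {
        $store->delete($guid, 'surge_token'); // the fix: push token goes with the session
    }
}

// Push tokens that would still receive a notification addressed to $guid.
function pushTargets(EntityStore $store, string $guid): array
{
    $token = $store->get($guid, 'surge_token');
    return $token === null ? [] : [$token];
}

foreach ([false, true] as $fixed) {
    $store = new EntityStore();
    $sessions = ['bearer-A' => '1001'];
    $store->set('1001', 'surge_token', 'device-token-1'); // account A registers the phone
    destroySession($store, $sessions, 'bearer-A', $fixed); // account A logs out
    $store->set('1002', 'surge_token', 'device-token-1'); // account B logs in on the same phone
    printf("fix=%s push for A goes to: %s\n", $fixed ? 'yes' : 'no', json_encode(pushTargets($store, '1001')));
}
```

Without the revocation, account A's row still points at the phone after logout, so a notification for A is delivered to the device account B is now using.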
added scoped labels
changed the description
unmarked as a Work In Progress
changed the description
added 14 commits
- dd035afc...be17eaf5 - 13 commits from branch master
- aa7d6ff4 - Merge branch 'master' of gitlab.com:minds/engine into fix/logout-surge-token-deletion-1270
added 12 commits
- aa7d6ff4...e4fdcb9e - 11 commits from branch master
- 30a7116c - Merge branch 'master' of gitlab.com:minds/engine into fix/logout-surge-token-deletion-1270
added 10 commits
- 30a7116c...5e9b7bb9 - 9 commits from branch master
- a192e242 - Merge branch 'master' of gitlab.com:minds/engine into fix/logout-surge-token-deletion-1270
- Developer
The issue seems to be that the notification endpoint is not running in full. That endpoint is not touched in this fix. Can prove it works by skipping steps 6 and 7 and instead running
UPDATE minds.entities SET value = '123123' where key='{{ your guid }}' and column1='surge_token';
- Developer
Let's make sure that it's not because we're revoking the surge tokens before we save the user. User calls ElggUser's save, which then fires off a create event, so we have a couple of write operations which could be firing out of order and causing it to not write on review sites.
approved this merge request
approved this merge request
added scoped label and automatically removed label
- Developer
Note about possible caching conflicts on the POST request that could be causing an issue.
Plan - check on staging that it works.