Summary

Old mr !436 (closed) Closes #1270

Currently on the mobile app if you log into one account, then log out and into a different account, you will still receive push notifications for the first account.

This is because the Surge tokens (used for push notifications) that we use on the backend are not deleted on logout.

Steps

Video https://streamable.com/979cr

This is not the most straightforward feature to test, you will need to be set up on postman, and need to use kubectl exec -it to check Cassandra on the review site.

1. Open up Postman.
2. Set up a set of environmental variables that point to this sandbox. For more information see here: https://developers.minds.com/docs/walk-throughs/postman/
3. Navigate to POST v2 oauth token
4. Send the request - it will return your token.
5. COPY the token to a text editor, keep it handy.
6. On postman head over to POST api v1 notifications.
7. In the params, replace the token with your token. Hit send.

This should set the Surge token in Cassandra, so lets check.

8. Get your user GUID (loading your channel on sandbox, watch the XHRs, filter channel, and get your GUID from the response)
9. kubectl into the container
10. Open cassandra (kubectl exec -it cassandra-0 cqlsh)
11. Run select * from minds.entities where key='1017892315210977294' AND column1='surge_token';, replacing my GUID with your own.
12. There should be a value for the surge token.
13. Now go to DELETE v2 oauth token, click the Auth tab, and replace the bearer token with your own from your text editor.
14. Hit send, it should return a 200 with no body
15. Re-run the cassandra command. Surge token should be gone.

Regression Scope

Changes v Impact

• Session\Manager - limited to the destroy functionality, so would affect anything that destroys a session (e.g. logging out).
• Entities\User - added functions and an exported value, I don't foresee any issues here.

added scoped labels

added 1 commit

• dd035afc - Update token.php

Compare with previous version

changed the description

unmarked as a Work In Progress

changed the description

added 14 commits

• dd035afc...be17eaf5 - 13 commits from branch master
• aa7d6ff4 - Merge branch 'master' of gitlab.com:minds/engine into fix/logout-surge-token-deletion-1270

Compare with previous version

added 12 commits

• aa7d6ff4...e4fdcb9e - 11 commits from branch master
• 30a7116c - Merge branch 'master' of gitlab.com:minds/engine into fix/logout-surge-token-deletion-1270

Compare with previous version

added 10 commits

• 30a7116c...5e9b7bb9 - 9 commits from branch master
• a192e242 - Merge branch 'master' of gitlab.com:minds/engine into fix/logout-surge-token-deletion-1270

Compare with previous version

The issue seems to be that the notification endpoint is not running in full. That endpoint is not touched in this fix. Can prove it works by skipping steps 6 and 7 and instead running

UPDATE minds.entities SET value = '123123' where key='{{ your guid }}' and column1='surge_token';,

Let's make sure that it's not because we're revoking the surge tokens before we save the user. User calls ElggUser's save with then fires off a create event, so we have a couple of write operations which could be firing out of order and causing the not writing on review sites.

approved this merge request

approved this merge request

added scoped label and automatically removed label

Note about possible caching conflicts on the POST request that could be causing an issue.

Plan - check on staging that it works.

guid: "1025784527299022860"