Skip to content

feat: explicit soft logout#43

Merged
nico-famedly merged 1 commit into
masterfrom
nico/explicit-soft-logout
May 30, 2025
Merged

feat: explicit soft logout#43
nico-famedly merged 1 commit into
masterfrom
nico/explicit-soft-logout

Conversation

@nico-famedly

Copy link
Copy Markdown
Member

Allows invalidating all access tokens and refresh tokens for a specific session by setting "com.famedly.soft_logout" to "true" on the logout endpoint.

This only updates the expiry timestamps to be in the past. Otherwise the tokens will get deleted, which forces a real logout.

Fixes https://github.com/famedly/product-management/issues/3202

@nico-famedly nico-famedly requested a review from a team as a code owner May 30, 2025 12:32
@codecov

codecov Bot commented May 30, 2025

Copy link
Copy Markdown

Codecov Report

Attention: Patch coverage is 84.00000% with 4 lines in your changes missing coverage. Please review.

Project coverage is 78.57%. Comparing base (90b3bc7) to head (4bf5893).
Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
synapse/handlers/auth.py 60.00% 1 Missing and 3 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master      #43      +/-   ##
==========================================
- Coverage   78.66%   78.57%   -0.09%     
==========================================
  Files         472      472              
  Lines       67661    67569      -92     
  Branches    10419    10419              
==========================================
- Hits        53225    53094     -131     
- Misses      10920    10936      +16     
- Partials     3516     3539      +23     
Files with missing lines Coverage Δ
synapse/rest/client/logout.py 96.07% <100.00%> (+0.33%) ⬆️
synapse/storage/databases/main/registration.py 91.38% <100.00%> (-0.07%) ⬇️
synapse/handlers/auth.py 69.26% <60.00%> (-0.13%) ⬇️

... and 65 files with indirect coverage changes


Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 90b3bc7...4bf5893. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

jason-famedly
jason-famedly previously approved these changes May 30, 2025

@jason-famedly jason-famedly left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the few comment typos, I'm largely good with this.

We probably do not use the /logout endpoint on workers, although it should be workable but not documented, and it appears this does not touch anything that would break that. 🚀 Let's do it!

Comment thread tests/rest/client/test_auth.py Outdated
Comment thread synapse/handlers/auth.py Outdated
Allows invalidating all access tokens and refresh tokens for a specific
session by setting "com.famedly.soft_logout" to "true" on the logout
endpoint.

This only updates the expiry timestamps to be in the past. Otherwise the
tokens will get deleted, which forces a real logout.

Fixes famedly/product-management#3202
@nico-famedly nico-famedly force-pushed the nico/explicit-soft-logout branch from 4bf5893 to 17b819f Compare May 30, 2025 17:16
@nico-famedly nico-famedly merged commit 17b819f into master May 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants