Make cleaning up pushers depend on the device_id instead of the token_id (#15280)

This makes it so that we rely on the `device_id` to delete pushers on logout, instead of relying on the `access_token_id`. This ensures we're not removing pushers on token refresh, and prepares for a world without access token IDs (also known as the OIDC). This actually runs the `set_device_id_for_pushers` background update, which was forgotten in #13831. Note that for backwards compatibility it still deletes pushers based on the `access_token` until the background update finishes.
2025-08-09 08:02:12 -04:00 · 2023-03-24 16:09:39 +01:00 · 2023-03-24 16:09:39 +01:00 · 5b70f240cf
commit 5b70f240cf
parent 68a6717312
15 changed files with 142 additions and 65 deletions
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -1504,8 +1504,10 @@ class AuthHandler:
        )

        # delete pushers associated with this access token
+        # XXX(quenting): This is only needed until the 'set_device_id_for_pushers'
+        # background update completes.
        if token.token_id is not None:
-            await self.hs.get_pusherpool().remove_pushers_by_access_token(
+            await self.hs.get_pusherpool().remove_pushers_by_access_tokens(
                token.user_id, (token.token_id,)
            )

@ -1535,7 +1537,9 @@ class AuthHandler:
            )

        # delete pushers associated with the access tokens
-        await self.hs.get_pusherpool().remove_pushers_by_access_token(
+        # XXX(quenting): This is only needed until the 'set_device_id_for_pushers'
+        # background update completes.
+        await self.hs.get_pusherpool().remove_pushers_by_access_tokens(
            user_id, (token_id for _, token_id, _ in tokens_and_devices)
        )