Fix logout push identifiers and send logout before clearing devices #4

New Issue

MrUnknownDE · 2026-04-05T20:28:55+02:00

MrUnknownDE commented

2026-04-05 20:28:55 +02:00

Originally created by @qaz741wsd856 on 4/1/2026

This fixes two issues in the logout push flow.

push_logout() currently sends the acting device UUID in both deviceId and identifier. That does not match the other push entry points, where deviceId is the push UUID and identifier is the device UUID.
post_sstamp() and disable_user() delete all devices before calling send_logout(). Since check_user_has_push_device() filter was introduced in #3578, those flows will always skip the push because the device lookup returns false after the delete.

This patch:

passes the acting Device through send_logout() into push_logout()
sends logout pushes with deviceId = device.push_uuid and identifier = device.uuid
moves Device::delete_all_by_user() in post_sstamp() and disable_user() to after logout sending
leaves deauth_user() unchanged, because it already sends the logout notification before deleting devices

*Originally created by @qaz741wsd856 on 4/1/2026* This fixes two issues in the logout push flow. 1. `push_logout()` currently sends the acting device UUID in both `deviceId` and `identifier`. That does not match the other push entry points, where `deviceId` is the push UUID and `identifier` is the device UUID. 2. `post_sstamp()` and `disable_user()` delete all devices **before** calling `send_logout()`. Since `check_user_has_push_device()` filter was introduced in #3578, those flows will always skip the push because the device lookup returns `false` after the delete. This patch: - passes the acting `Device` through `send_logout()` into `push_logout()` - sends logout pushes with `deviceId = device.push_uuid` and `identifier = device.uuid` - moves `Device::delete_all_by_user()` in `post_sstamp()` and `disable_user()` to after logout sending - leaves `deauth_user()` unchanged, because it already sends the logout notification before deleting devices

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#4