Merge pull request #641 from matrix-org/dbkr/fix_change_password

Fix logout on password change

synapse/handlers/auth.py

@@ -432,13 +432,18 @@ class AuthHandler(BaseHandler):
         )
 
     @defer.inlineCallbacks
-    def set_password(self, user_id, newpassword):
+    def set_password(self, user_id, newpassword, requester=None):
         password_hash = self.hash(newpassword)
 
+        except_access_token_ids = [requester.access_token_id] if requester else []
+
         yield self.store.user_set_password_hash(user_id, password_hash)
-        yield self.store.user_delete_access_tokens(user_id)
+        yield self.store.user_delete_access_tokens(
-        yield self.hs.get_pusherpool().remove_pushers_by_user(user_id)
+            user_id, except_access_token_ids
-        yield self.store.flush_user(user_id)
+        )
+        yield self.hs.get_pusherpool().remove_pushers_by_user(
+            user_id, except_access_token_ids
+        )
 
     @defer.inlineCallbacks
     def add_threepid(self, user_id, medium, address, validated_at):

synapse/push/pusherpool.py

@@ -92,14 +92,14 @@ class PusherPool:
                 yield self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
 
     @defer.inlineCallbacks
-    def remove_pushers_by_user(self, user_id):
+    def remove_pushers_by_user(self, user_id, except_token_ids=[]):
         all = yield self.store.get_all_pushers()
         logger.info(
-            "Removing all pushers for user %s",
+            "Removing all pushers for user %s except access tokens ids %r",
-            user_id,
+            user_id, except_token_ids
         )
         for p in all:
-            if p['user_name'] == user_id:
+            if p['user_name'] == user_id and p['access_token'] not in except_token_ids:
                 logger.info(
                     "Removing pusher for app id %s, pushkey %s, user %s",
                     p['app_id'], p['pushkey'], p['user_name']

synapse/rest/client/v2_alpha/account.py

@@ -79,7 +79,7 @@ class PasswordRestServlet(RestServlet):
         new_password = params['new_password']
 
         yield self.auth_handler.set_password(
-            user_id, new_password
+            user_id, new_password, requester
         )
 
         defer.returnValue((200, {}))

synapse/storage/registration.py

@@ -195,27 +195,24 @@ class RegistrationStore(SQLBaseStore):
         })
 
     @defer.inlineCallbacks
-    def user_delete_access_tokens(self, user_id):
+    def user_delete_access_tokens(self, user_id, except_token_ids):
-        yield self.runInteraction(
+        def f(txn):
-            "user_delete_access_tokens",
+            txn.execute(
-            self._user_delete_access_tokens, user_id
+                "SELECT id, token FROM access_tokens "
-        )
+                "WHERE user_id = ? AND id not in LIMIT 50",
-
+                (user_id, except_token_ids)
-    def _user_delete_access_tokens(self, txn, user_id):
+            )
-        txn.execute(
+            rows = txn.fetchall()
-            "DELETE FROM access_tokens WHERE user_id = ?",
+            for r in rows:
-            (user_id, )
+                txn.call_after(self.get_user_by_access_token.invalidate, (r[1],))
-        )
+            txn.execute(
-
+                "DELETE FROM access_tokens WHERE id in (%s)" % ",".join(
-    @defer.inlineCallbacks
+                    ["?" for _ in rows]
-    def flush_user(self, user_id):
+                ), [r[0] for r in rows]
-        rows = yield self._execute(
+            )
-            'flush_user', None,
+            return len(rows) == 50
-            "SELECT token FROM access_tokens WHERE user_id = ?",
+        while (yield self.runInteraction("user_delete_access_tokens", f)):
-            user_id
+            pass
-        )
-        for r in rows:
-            self.get_user_by_access_token.invalidate((r,))
 
     @cached()
     def get_user_by_access_token(self, token):