On tenant delete, terminate sessions with tenant in scope

TeskaLabs · Apr 19, 2023 · 2237a20 · 2237a20
1 parent 191481b
commit 2237a20
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 23 deletions.
diff --git a/seacatauth/session/service.py b/seacatauth/session/service.py
@@ -420,8 +420,12 @@ async def delete(self, session_id):
 
 
 	async def delete_all_sessions(self):
+		await self._delete_sessions_by_filter()
+
+	async def _delete_sessions_by_filter(self, query_filter=None):
+		query_filter = query_filter or {}
 		to_delete = []
-		async for session_dict in self._iterate_raw():
+		async for session_dict in self._iterate_raw(query_filter=query_filter):
 			to_delete.append(session_dict)
 
 		deleted = 0
@@ -445,30 +449,14 @@ async def delete_all_sessions(self):
 		})
 
 	async def delete_sessions_by_credentials_id(self, credentials_id):
-		query_filter = {SessionAdapter.FN.Credentials.Id: credentials_id}
-		to_delete = []
-		async for session_dict in self._iterate_raw(query_filter=query_filter):
-			to_delete.append(session_dict)
+		await self._delete_sessions_by_filter(
+			query_filter={SessionAdapter.FN.Credentials.Id: credentials_id})
 
-		deleted = 0
-		failed = 0
-		# Delete iteratively so that every session is terminated properly
-		for session_dict in to_delete:
-			try:
-				# TODO: Publish pubsub message for session deletion
-				await self.StorageService.delete(self.SessionCollection, session_dict["_id"])
-				deleted += 1
-			except Exception as e:
-				L.error("Cannot delete session", struct_data={
-					"sid": session_dict["_id"],
-					"error": type(e).__name__
-				})
-				failed += 1
 
-		L.log(asab.LOG_NOTICE, "Sessions deleted", struct_data={
-			"deleted_count": deleted,
-			"failed_count": failed
-		})
+	async def delete_sessions_by_tenant_in_scope(self, tenant):
+		await self._delete_sessions_by_filter(
+			query_filter={"{}.{}".format(SessionAdapter.FN.Authorization.Authz, tenant): {"$exists": True}})
+
 
 	def aes_encrypt(self, raw_bytes: bytes):
 		algorithm = cryptography.hazmat.primitives.ciphers.algorithms.AES(self.AESKey)

diff --git a/seacatauth/tenant/service.py b/seacatauth/tenant/service.py
@@ -123,6 +123,8 @@ async def update_tenant(self, tenant_id: str, **kwargs):
 
 
 	async def delete_tenant(self, tenant_id: str):
+		session_service = self.App.get_service("seacatauth.SessionService")
+
 		# Unassign and delete tenant roles
 		role_svc = self.App.get_service("seacatauth.RoleService")
 		tenant_roles = (await role_svc.list(tenant=tenant_id, exclude_global=True))["data"]
@@ -143,6 +145,9 @@ async def delete_tenant(self, tenant_id: str):
 		# Delete tenant from provider
 		await self.TenantsProvider.delete(tenant_id)
 
+		# Delete sessions that have the tenant in scope
+		await session_service.delete_sessions_by_tenant_in_scope(tenant_id)
+
 
 	def get_provider(self):
 		'''