[PR #7047] [MERGED] Fix logout push identifiers and send logout before clearing devices #12769

New Issue

Closed

opened 2026-04-20 15:59:20 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-20 15:59:20 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/7047
Author: @qaz741wsd856
Created: 4/1/2026
Status: ✅ Merged
Merged: 4/5/2026
Merged by: @dani-garcia

Base: main ← Head: fix-logout-push

---

📝 Commits (4)

• 235c4ca Fix logout push identifiers and send logout before clearing devices
• 1b174b9 Merge branch 'main' into fix-logout-push
• 17bb86d Refactor logout function parameters
• 295a454 Fix parameters in logout notification functions

📊 Changes

4 files changed (+15 additions, -14 deletions)

View changed files

📝 src/api/admin.rs (+2 -1)
📝 src/api/core/accounts.rs (+5 -4)
📝 src/api/notifications.rs (+4 -3)
📝 src/api/push.rs (+4 -6)

📄 Description

This fixes two issues in the logout push flow.

1. push_logout() currently sends the acting device UUID in both deviceId and identifier. That does not match the other push entry points, where deviceId is the push UUID and identifier is the device UUID.

2. post_sstamp() and disable_user() delete all devices before calling send_logout(). Since check_user_has_push_device() filter was introduced in #3578, those flows will always skip the push because the device lookup returns false after the delete.

This patch:

• passes the acting Device through send_logout() into push_logout()
• sends logout pushes with deviceId = device.push_uuid and identifier = device.uuid
• moves Device::delete_all_by_user() in post_sstamp() and disable_user() to after logout sending
• leaves deauth_user() unchanged, because it already sends the logout notification before deleting devices

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/7047 **Author:** [@qaz741wsd856](https://github.com/qaz741wsd856) **Created:** 4/1/2026 **Status:** ✅ Merged **Merged:** 4/5/2026 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `fix-logout-push` --- ### 📝 Commits (4) - [`235c4ca`](https://github.com/dani-garcia/vaultwarden/commit/235c4ca0dcd6e0d7af7485b204046ee0fca484f4) Fix logout push identifiers and send logout before clearing devices - [`1b174b9`](https://github.com/dani-garcia/vaultwarden/commit/1b174b9b406273d57bf320fd5bd2dd1d6f7f6c59) Merge branch 'main' into fix-logout-push - [`17bb86d`](https://github.com/dani-garcia/vaultwarden/commit/17bb86dbbc42aeb6d4ce8576d33e21ea6b6407df) Refactor logout function parameters - [`295a454`](https://github.com/dani-garcia/vaultwarden/commit/295a45462b74587db502f103b4d72f36be289c0d) Fix parameters in logout notification functions ### 📊 Changes **4 files changed** (+15 additions, -14 deletions) <details> <summary>View changed files</summary> 📝 `src/api/admin.rs` (+2 -1) 📝 `src/api/core/accounts.rs` (+5 -4) 📝 `src/api/notifications.rs` (+4 -3) 📝 `src/api/push.rs` (+4 -6) </details> ### 📄 Description This fixes two issues in the logout push flow. 1. `push_logout()` currently sends the acting device UUID in both `deviceId` and `identifier`. That does not match the other push entry points, where `deviceId` is the push UUID and `identifier` is the device UUID. 2. `post_sstamp()` and `disable_user()` delete all devices **before** calling `send_logout()`. Since `check_user_has_push_device()` filter was introduced in #3578, those flows will always skip the push because the device lookup returns `false` after the delete. This patch: - passes the acting `Device` through `send_logout()` into `push_logout()` - sends logout pushes with `deviceId = device.push_uuid` and `identifier = device.uuid` - moves `Device::delete_all_by_user()` in `post_sstamp()` and `disable_user()` to after logout sending - leaves `deauth_user()` unchanged, because it already sends the logout notification before deleting devices --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-20 15:59:21 -05:00

GiteaMirror closed this issue 2026-04-20 15:59:23 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.36.0

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#12769