fix: prevent push notifications from being sent after logout

[ricardogarim]

As per CORE-1567, this PR resolves a bug that caused logged-out users to continue receiving push notifications.

When a user logged out, their loginTokens field was updated to an empty array ([]). However, the PushService watcher only handled the undefined case, so the cleanup logic responsible for removing push tokens was never triggered on logout. This resulted in stale push tokens remaining in the database and notifications being sent even after the user had logged out.

Proposed changes (including videos or screenshots)

Adds a check for empty loginTokens arrays to ensure push tokens are removed when users log out.

Issue(s)

• CORE-1567

Steps to test or reproduce

1. Log in to the Rocket.Chat mobile app (iOS or Android)
2. Confirm push notifications are received for new messages
3. Log out from the mobile app or call /api/v1/users.logout
4. Verify that push tokens are removed from the database:

   db._raix_push_app_tokens.find({ userId: "USER_ID" })
   

5. Confirm that no push notifications are received after logout

Summary by CodeRabbit

• Bug Fixes

  • Fixed push notifications continuing after user logout by ensuring push tokens are properly cleaned up.

• Tests

  • Added end-to-end tests confirming push token removal on full logout and correct preservation/removal behavior for "logout other clients".

• Chores

  • Added a changeset entry documenting a patch release for the fix.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: a4e9c9e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 42 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Updates push token cleanup: watcher now treats both undefined and empty arrays as signals to remove stored login tokens; adds tests validating token removal on logout and logoutOtherClients; includes a changeset entry for a patch release.

Changes

Cohort / File(s)	Change Summary
Changeset entry .changeset/poor-apricots-heal.md	Adds a patch changeset documenting the push-token cleanup fix applied on logout.
Push service token cleanup apps/meteor/server/services/push/service.ts	Adjusts guard logic to initialize loginTokens earlier and remove tokens when services.resume.loginTokens is undefined or an empty array; prevents token-removal paths when no tokens exist.
End-to-end tests apps/meteor/tests/end-to-end/api/users.ts	Adds two e2e tests: one for logoutOtherClients ensuring only ended sessions' tokens are removed; one for logout ensuring full logout clears tokens so old tokens cannot be deleted after logout.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Areas to inspect:
  • apps/meteor/server/services/push/service.ts — correctness of combined guard and early-exit behavior.
  • Tests in apps/meteor/tests/end-to-end/api/users.ts — timing/wait assumptions and robustness of assertions.
  • Ensure changeset text accurately reflects intended patch semantics.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• ggazzo
• tassoevan

Poem

🐰 I hopped through code at break of day,
Empty arrays no longer hide away,
Tokens cleared with a gentle thump,
Logout's tidy — no more bump! 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main fix: preventing push notifications after logout, which is the primary objective of this changeset.
Linked Issues check	✅ Passed	The PR successfully addresses CORE-1567 by detecting empty loginTokens arrays and triggering cleanup to remove push tokens on logout, with corresponding tests validating the fix.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the push token cleanup issue: service logic fix, end-to-end tests, and changeset documentation are all aligned with CORE-1567.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/push-tokens

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.2GiB	1.2GiB	+12MiB
rocketchat	358MiB	347MiB	+12MiB
omnichannel-transcript-service	132MiB	132MiB	-68B
queue-worker-service	132MiB	132MiB	-568B
ddp-streamer-service	126MiB	126MiB	+538B
account-service	113MiB	113MiB	-511B
authorization-service	111MiB	111MiB	-274B
stream-hub-service	110MiB	110MiB	+968B
presence-service	110MiB	110MiB	-216B

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/15 22:28", "11/16 01:28", "11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 21:04", "12/18 23:12", "12/19 04:43", "12/19 05:39 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.36, 0.36, 0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]
  line "stream-hub-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]

Loading

Statistics (last 25 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.2GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.2GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-37845
• Baseline: develop
• Timestamp: 2025-12-19 05:39:19 UTC
• Historical data points: 25

---

Updated: Fri, 19 Dec 2025 05:39:19 GMT

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/meteor/server/services/push/service.ts (1)

16-22: Fix correctly addresses the logout push notification bug.

The guard now properly handles both undefined and empty array [] cases, ensuring push tokens are cleaned up on logout.

Minor observation: The === undefined check on line 19 is logically redundant since line 17 normalizes undefined to [], which satisfies loginTokens.length === 0. Consider simplifying:

-			if (data.diff['services.resume.loginTokens'] === undefined || loginTokens.length === 0) {
+			if (loginTokens.length === 0) {

That said, the explicit check does document the original bug scenario, so keeping it for clarity is also reasonable.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 848af33 and a756cb9.

📒 Files selected for processing (2)

• .changeset/poor-apricots-heal.md (1 hunks)
• apps/meteor/server/services/push/service.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/server/services/push/service.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)

🔇 Additional comments (2)

.changeset/poor-apricots-heal.md (1)

1-5: LGTM!

Changeset is correctly formatted with an appropriate patch-level bump and a clear description of the fix.

apps/meteor/server/services/push/service.ts (1)

23-26: Logic is correct.

The token extraction and cleanup work as expected.

Note: The tokens.length > 0 check is redundant since we return early at line 21 when loginTokens.length === 0, and tokens has the same length via map. The check doesn't cause harm, but could be removed for clarity if desired.

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 67.69%. Comparing base (25a10b6) to head (a4e9c9e).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #37845      +/-   ##
===========================================
- Coverage    67.69%   67.69%   -0.01%     
===========================================
  Files         3474     3474              
  Lines       113862   113861       -1     
  Branches     20942    20949       +7     
===========================================
- Hits         77084    77079       -5     
- Misses       34598    34600       +2     
- Partials      2180     2182       +2     

Flag	Coverage Δ
e2e	57.17% <ø> (-0.03%)	⬇️
e2e-api	44.01% <50.00%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apps/meteor/tests/end-to-end/api/users.ts (2)

4475-4475: Consider replacing the hardcoded delay with a polling mechanism.

The 1-second wait assumes push token cleanup completes within that timeframe, which may not hold under load or in slower CI environments, potentially causing flaky test failures.

🔎 Apply this suggestion to improve test reliability:

Replace the fixed delay with a polling approach that retries until the expected state is reached or a timeout occurs:

-			await new Promise((resolve) => setTimeout(resolve, 1000));
+			// Poll for token removal with timeout
+			let tokenRemoved = false;
+			for (let i = 0; i < 10 && !tokenRemoved; i++) {
+				await new Promise((resolve) => setTimeout(resolve, 200));
+				const res = await request
+					.delete(api('push.token'))
+					.set(credentials2)
+					.send({ token: 'device-1-token' });
+				if (res.statusCode === 404) {
+					tokenRemoved = true;
+					break;
+				}
+			}
+			expect(tokenRemoved).to.be.true;

Alternatively, extract this pattern into a reusable helper function if the codebase adopts this approach for other async tests.

---

5056-5056: Consider replacing the hardcoded delay with a polling mechanism.

Same issue as in the logoutOtherClients test above: the fixed 1-second wait may cause flaky failures in slower environments.

Apply a similar polling strategy as suggested for line 4475, or extract a shared helper function to avoid duplication:

async function waitForTokenRemoval(credentials: Credentials, token: string, maxAttempts = 10): Promise<boolean> {
	for (let i = 0; i < maxAttempts; i++) {
		await new Promise((resolve) => setTimeout(resolve, 200));
		const res = await request
			.delete(api('push.token'))
			.set(credentials)
			.send({ token });
		if (res.statusCode === 404) {
			return true;
		}
	}
	return false;
}

Then use it in both tests to eliminate duplication and improve reliability.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a756cb9 and d8a4e0b.

📒 Files selected for processing (1)

• apps/meteor/tests/end-to-end/api/users.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/tests/end-to-end/api/users.ts

🧠 Learnings (8)

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure tests run reliably in parallel without shared state conflicts

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure clean state for each test execution in Playwright tests

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Group related tests in the same file

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Maintain test isolation between test cases in Playwright tests

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.{ts,spec.ts} : Follow Page Object Model pattern consistently in Playwright tests

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Utilize Playwright fixtures (`test`, `page`, `expect`) for consistency in test files

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : All test files must be created in `apps/meteor/tests/e2e/` directory

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Use `expect` matchers for assertions (`toEqual`, `toContain`, `toBeTruthy`, `toHaveLength`, etc.) instead of `assert` statements in Playwright tests

Applied to files:

• apps/meteor/tests/end-to-end/api/users.ts

🧬 Code graph analysis (1)

apps/meteor/tests/end-to-end/api/users.ts (4)

apps/meteor/tests/data/users.helper.ts (1)

• login (80-95)

apps/meteor/client/startup/iframeCommands.ts (1)

• user (80-89)

apps/meteor/tests/e2e/page-objects/fragments/e2ee.ts (1)

• password (51-53)

apps/meteor/tests/data/api-data.ts (1)

• request (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (1)

apps/meteor/tests/end-to-end/api/users.ts (1)

4437-4498: Good test coverage for push token cleanup behavior.

These tests effectively verify the PR's core functionality: ensuring push tokens are removed during logout operations. The test logic correctly validates that:

• logoutOtherClients removes tokens only for logged-out sessions
• Full logout removes all push tokens

Also applies to: 5029-5070