When consuming a compat refresh token, consume others in the session

reivilibre · sandhose · commit 0f3b2d2d8950 · 2025-02-05T11:36:27.000+01:00
diff --git a/crates/storage-pg/.sqlx/query-f75e44b528234dac708640ad9a111f3f6b468a91bf0d5b574795bf8c80605f19.json b/crates/storage-pg/.sqlx/query-f75e44b528234dac708640ad9a111f3f6b468a91bf0d5b574795bf8c80605f19.json
diff --git a/crates/storage-pg/src/compat/refresh_token.rs b/crates/storage-pg/src/compat/refresh_token.rs
@@ -204,16 +204,25 @@ impl CompatRefreshTokenRepository for PgCompatRefreshTokenRepository<'_> {
             r#"
                 UPDATE compat_refresh_tokens
                 SET consumed_at = $2
-                WHERE compat_refresh_token_id = $1
+                WHERE compat_session_id = $1
+                  AND consumed_at IS NULL
             "#,
-            Uuid::from(compat_refresh_token.id),
+            Uuid::from(compat_refresh_token.session_id),
             consumed_at,
         )
         .traced()
         .execute(&mut *self.conn)
         .await?;
 
-        DatabaseError::ensure_affected_rows(&res, 1)?;
+        // This can affect multiple rows in case we've imported refresh tokens
+        // from Synapse. What we care about is that it at least affected one,
+        // which is what we're checking here
+        if res.rows_affected() == 0 {
+            return Err(DatabaseError::RowsAffected {
+                expected: 1,
+                actual: 0,
+            });
+        }
 
         let compat_refresh_token = compat_refresh_token
             .consume(consumed_at)
diff --git a/crates/storage/src/compat/refresh_token.rs b/crates/storage/src/compat/refresh_token.rs
@@ -69,7 +69,13 @@ pub trait CompatRefreshTokenRepository: Send + Sync {
         token: String,
     ) -> Result<CompatRefreshToken, Self::Error>;
 
-    /// Consume a compat refresh token
+    /// Consume a compat refresh token.
+    ///
+    /// This also marks other refresh tokens in the same session as consumed.
+    /// This is desirable because the syn2mas migration process can import
+    /// multiple refresh tokens for one device (compat session).
+    /// But once the user uses one of those, the others should no longer
+    /// be valid.
     ///
     /// Returns the consumed compat refresh token
     ///
