When adding or revoking personal sessions, schedule needed device syncs

Author: reivilibre

crates/data-model/src/personal/session.rs

@@ -10,7 +10,7 @@ use oauth2_types::scope::Scope;
 use serde::Serialize;
 use ulid::Ulid;
 
-use crate::{Client, InvalidTransitionError, User};
+use crate::{Client, Device, InvalidTransitionError, User};
 
 #[derive(Debug, Clone, Default, PartialEq, Eq, Serialize)]
 pub enum SessionState {
@@ -129,4 +129,12 @@ impl PersonalSession {
         self.state = self.state.revoke(revoked_at)?;
         Ok(self)
     }
+
+    /// Returns whether the scope of this session contains a device scope;
+    /// in other words: whether this session has a device.
+    pub fn has_device(&self) -> bool {
+        self.scope
+            .iter()
+            .any(|scope_token| Device::from_scope_token(scope_token).is_some())
+    }
 }

crates/handlers/src/admin/v1/personal_sessions/add.rs

@@ -9,6 +9,7 @@ use chrono::Duration;
 use hyper::StatusCode;
 use mas_axum_utils::record_error;
 use mas_data_model::{BoxRng, TokenType, personal::session::PersonalSessionOwner};
+use mas_storage::queue::SyncDevicesJob;
 use oauth2_types::scope::Scope;
 use schemars::JsonSchema;
 use serde::Deserialize;
@@ -144,6 +145,14 @@ pub async fn handler(
         )
         .await?;
 
+    if session.has_device() {
+        // If the session has a device, then we are now
+        // creating a device and should schedule a device sync.
+        repo.queue_job()
+            .schedule_job(&mut rng, &clock, SyncDevicesJob::new(&actor_user))
+            .await?;
+    }
+
     repo.save().await?;
 
     Ok((

crates/handlers/src/admin/v1/personal_sessions/revoke.rs

@@ -7,6 +7,7 @@ use aide::{OperationIo, transform::TransformOperation};
 use axum::{Json, response::IntoResponse};
 use hyper::StatusCode;
 use mas_axum_utils::record_error;
+use mas_storage::queue::{QueueJobRepositoryExt as _, SyncDevicesJob};
 use ulid::Ulid;
 
 use crate::{
@@ -80,6 +81,7 @@ pub async fn handler(
     CallContext {
         mut repo, clock, ..
     }: CallContext,
+    NoApi(mut rng): NoApi<BoxRng>,
     session_id: UlidPathParam,
 ) -> Result<Json<SingleResponse<PersonalSession>>, RouteError> {
     let session_id = *session_id;
@@ -95,6 +97,18 @@ pub async fn handler(
 
     let session = repo.personal_session().revoke(&clock, session).await?;
 
+    if session.has_device() {
+        // If the session has a device, then we are now
+        // deleting a device and should schedule a device sync to clean up.
+        repo.queue_job()
+            .schedule_job(
+                &mut rng,
+                &clock,
+                SyncDevicesJob::new_for_id(session.actor_user_id),
+            )
+            .await?;
+    }
+
     repo.save().await?;
 
     Ok(Json(SingleResponse::new_canonical(