Merge pull request #13757 from rtibbles/unhandle_my_lod

Robustly clear sessions on user deletion to cause immediate logout

Author: rtibbles

kolibri/core/analytics/test/test_api.py

@@ -14,6 +14,8 @@
 
 
 class PingbackNotificationTestCase(APITestCase):
+    databases = "__all__"
+
     @classmethod
     def setUpTestData(cls):
         provision_device()
@@ -71,6 +73,8 @@ def test_filter_by_semantic_versioning(self):
 
 
 class PingbackNotificationDismissedTestCase(APITestCase):
+    databases = "__all__"
+
     @classmethod
     def setUpTestData(cls):
         provision_device()

kolibri/core/auth/api.py

@@ -56,7 +56,6 @@
 
 from .constants import collection_kinds
 from .constants import role_kinds
-from .middleware import clear_user_cache_on_delete
 from .models import Classroom
 from .models import Collection
 from .models import Facility
@@ -594,7 +593,6 @@ def destroy(self, request, *args, **kwargs):
             user = self.get_object()
             user.date_deleted = now()
             user.save()
-            self._invalidate_removed_users_session([user])
             try:
                 cleanup_expired_deleted_users.enqueue()
             except JobRunning:
@@ -604,22 +602,10 @@ def destroy(self, request, *args, **kwargs):
             # Bulk deletion
             return self.bulk_destroy(request, *args, **kwargs)
 
-    def _invalidate_removed_users_session(self, users):
-        """
-        Invalidate removed users sessions by clearing their cache.
-        So the next time they make a request, the auth middleware will try to fetch
-        the most up-to-date information for the user, and won't find the user
-        since it was soft deleted.
-        """
-        for user in users:
-            clear_user_cache_on_delete(None, user)
-
     def perform_bulk_destroy(self, objects):
         if objects.filter(id=self.request.user.id).exists():
             raise PermissionDenied("Super user cannot delete self")
-        removed_users = list(objects)
         objects.update(date_deleted=now())
-        self._invalidate_removed_users_session(removed_users)
 
     def perform_update(self, serializer):
         instance = serializer.save()

kolibri/core/auth/backends.py

@@ -3,7 +3,10 @@
 The appropriate classes should be listed in the AUTHENTICATION_BACKENDS. Note that authentication
 backends are checked in the order they're listed.
 """
+from django.contrib.sessions.backends.db import SessionStore as DBStore
+
 from kolibri.core.auth.models import FacilityUser
+from kolibri.core.auth.models import Session
 
 
 FACILITY_CREDENTIAL_KEY = "facility"
@@ -71,3 +74,24 @@ def get_user(self, user_id):
             return FacilityUser.objects.get(pk=user_id)
         except FacilityUser.DoesNotExist:
             return None
+
+
+class SessionStore(DBStore):
+    @classmethod
+    def get_model_class(cls):
+        return Session
+
+    def create_model_instance(self, data):
+        obj = super().create_model_instance(data)
+        try:
+            user_id = data.get("_auth_user_id")
+        except (ValueError, TypeError):
+            user_id = None
+        obj.user_id = user_id
+        return obj
+
+    @classmethod
+    def delete_all_sessions(cls, user_ids):
+        store = cls()
+        sessions = store.get_model_class().objects.filter(user_id__in=user_ids)
+        sessions.delete()

kolibri/core/auth/kolibri_plugin.py

@@ -4,6 +4,7 @@
 
 from kolibri.core.auth.hooks import FacilityDataSyncHook
 from kolibri.core.auth.models import FacilityUser
+from kolibri.core.auth.models import Session
 from kolibri.core.auth.sync_operations import KolibriSingleUserSyncOperation
 from kolibri.core.auth.sync_operations import KolibriSyncOperationMixin
 from kolibri.core.auth.tasks import cleanupsync
@@ -22,6 +23,26 @@ def handle_local_user(self, context, user_id):
         return False
 
 
+def cleanup_sessions(user_ids):
+    """
+    Clean up sessions for all hard and soft-deleted users in the synced dataset.
+
+    :type dataset_id: str
+    """
+
+    all_user_ids = set(user_ids)
+
+    # Query all soft-deleted users in this dataset
+    still_active_users = set(
+        FacilityUser.objects.filter(id__in=user_ids).values_list("id", flat=True)
+    )
+    user_ids_to_delete = all_user_ids - still_active_users
+
+    # Clean up sessions for these users
+    if user_ids_to_delete:
+        Session.delete_all_sessions(user_ids_to_delete)
+
+
 class CleanUpTaskOperation(KolibriSyncOperationMixin, LocalOperation):
     def handle_initial(self, context):
         """
@@ -62,3 +83,18 @@ def handle_initial(self, context):
 class AuthSyncHook(FacilityDataSyncHook):
     serializing_operations = [SingleFacilityUserChangeClearingOperation()]
     cleanup_operations = [CleanUpTaskOperation()]
+
+    def post_transfer(
+        self,
+        dataset_id,
+        local_is_single_user,
+        remote_is_single_user,
+        single_user_id,
+        context,
+    ):
+
+        if context.is_receiver:
+            user_ids = context.transfer_session.get_touched_record_ids_for_model(
+                FacilityUser
+            )
+            cleanup_sessions(user_ids)

kolibri/core/auth/migrations/0031_session.py

@@ -0,0 +1,44 @@
+# Generated by Django 3.2.25 on 2025-09-17 02:30
+import morango.models.fields.uuids
+from django.db import migrations
+from django.db import models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("kolibriauth", "0030_alter_facilityuser_managers"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Session",
+            fields=[
+                (
+                    "session_key",
+                    models.CharField(
+                        max_length=40,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="session key",
+                    ),
+                ),
+                ("session_data", models.TextField(verbose_name="session data")),
+                (
+                    "expire_date",
+                    models.DateTimeField(db_index=True, verbose_name="expire date"),
+                ),
+                (
+                    "user_id",
+                    morango.models.fields.uuids.UUIDField(
+                        blank=True, db_index=True, null=True
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "session",
+                "verbose_name_plural": "sessions",
+                "abstract": False,
+            },
+        ),
+    ]

kolibri/core/auth/migrations/0032_alter_facilityuser_managers.py

@@ -0,0 +1,32 @@
+# Generated by Django 3.2.25 on 2025-10-30 01:01
+from django.db import migrations
+
+import kolibri.core.auth.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("kolibriauth", "0031_session"),
+    ]
+
+    operations = [
+        migrations.AlterModelManagers(
+            name="facilityuser",
+            managers=[
+                (
+                    "all_objects",
+                    kolibri.core.auth.models.AllObjectsFacilityUserModelManager(),
+                ),
+                ("objects", kolibri.core.auth.models.FacilityUserModelManager()),
+                (
+                    "syncing_objects",
+                    kolibri.core.auth.models.BaseFacilityUserModelManager(),
+                ),
+                (
+                    "soft_deleted_objects",
+                    kolibri.core.auth.models.SoftDeletedFacilityUserModelManager(),
+                ),
+            ],
+        ),
+    ]

kolibri/core/auth/models.py

@@ -24,6 +24,7 @@
 from django.contrib.auth.models import AbstractBaseUser
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.auth.models import UserManager
+from django.contrib.sessions.base_session import AbstractBaseSession
 from django.core import validators
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.exceptions import ValidationError
@@ -35,6 +36,8 @@
 from morango.models import Certificate
 from morango.models import SyncableModel
 from morango.models import SyncableModelManager
+from morango.models import SyncableModelQuerySet
+from morango.models import UUIDField
 from mptt.models import TreeForeignKey
 
 from .constants import collection_kinds
@@ -78,12 +81,45 @@
 from kolibri.core.errors import KolibriValidationError
 from kolibri.core.fields import DateTimeTzField
 from kolibri.core.fields import JSONField
+from kolibri.core.utils.model_router import KolibriModelRouter
 from kolibri.core.utils.validators import JSON_Schema_Validator
+from kolibri.deployment.default.sqlite_db_names import SESSIONS
 from kolibri.plugins.app.utils import interface
 from kolibri.utils.time_utils import local_now
 
 logger = logging.getLogger(__name__)
 
+
+class Session(AbstractBaseSession):
+    """
+    Custom session model with user_id tracking for session management.
+    Inherits from Django's AbstractBaseSession and adds user_id field.
+    """
+
+    user_id = UUIDField(blank=True, null=True, db_index=True)
+
+    @classmethod
+    def get_session_store_class(cls):
+        from .backends import SessionStore
+
+        return SessionStore
+
+    @classmethod
+    def delete_all_sessions(cls, user_ids):
+        store_class = cls.get_session_store_class()
+        store_class.delete_all_sessions(user_ids)
+        logger.info("Deleted all sessions for user IDs: {}".format(user_ids))
+
+
+class SessionRouter(KolibriModelRouter):
+    """
+    Determine how to route database calls for custom Session model.
+    """
+
+    MODEL_CLASSES = {Session}
+    DB_NAME = SESSIONS
+
+
 DEMOGRAPHIC_FIELDS_KEY = "demographic_fields"
 
 
@@ -631,7 +667,43 @@ def filter_readable(self, queryset):
         return queryset.none()
 
 
-class FacilityUserModelManager(SyncableModelManager, UserManager):
+class FacilityUserQuerySet(SyncableModelQuerySet):
+    def update(self, **kwargs):
+        # Check if date_deleted is being set to a non-null value (soft delete)
+        user_ids = []
+        if "date_deleted" in kwargs and kwargs["date_deleted"] is not None:
+            # Get user IDs that are currently not soft deleted
+            user_ids = list(
+                self.filter(date_deleted__isnull=True).values_list("id", flat=True)
+            )
+
+        # Perform the update
+        result = super().update(**kwargs)
+
+        # Clean up sessions for soft deleted users
+        if user_ids:
+            Session.delete_all_sessions(user_ids)
+
+        return result
+
+    def delete(self):
+        # Get user IDs before deletion for session cleanup
+        user_ids = list(self.values_list("id", flat=True))
+
+        # Perform the deletion
+        result = super().delete()
+
+        # Clean up sessions after successful deletion
+        Session.delete_all_sessions(user_ids)
+        return result
+
+
+class BaseFacilityUserModelManager(SyncableModelManager, UserManager):
+    def get_queryset(self):
+        return FacilityUserQuerySet(self.model, using=self._db)
+
+
+class FacilityUserModelManager(BaseFacilityUserModelManager):
     def get_queryset(self):
         return super().get_queryset().filter(date_deleted__isnull=True)
 
@@ -718,7 +790,7 @@ def get_or_create_os_user(self, auth_token, facility=None):
             return user
 
 
-class SoftDeletedFacilityUserModelManager(SyncableModelManager, UserManager):
+class SoftDeletedFacilityUserModelManager(BaseFacilityUserModelManager):
     """
     Custom manager for FacilityUser that only returns users who have a non-NULL value in their date_deleted field.
     """
@@ -773,7 +845,7 @@ def validate_role_kinds(kinds):
     return kinds
 
 
-class AllObjectsFacilityUserModelManager(SyncableModelManager, UserManager):
+class AllObjectsFacilityUserModelManager(BaseFacilityUserModelManager):
     def get_queryset(self):
         return super(AllObjectsFacilityUserModelManager, self).get_queryset()
 
@@ -804,7 +876,7 @@ class FacilityUser(AbstractBaseUser, KolibriBaseUserMixin, AbstractFacilityDataM
 
     all_objects = AllObjectsFacilityUserModelManager()
     objects = FacilityUserModelManager()
-
+    syncing_objects = BaseFacilityUserModelManager()
     soft_deleted_objects = SoftDeletedFacilityUserModelManager()
 
     USERNAME_FIELD = "username"
@@ -1061,6 +1133,28 @@ def __str__(self):
             user=self.full_name or self.username, facility=self.facility
         )
 
+    def save(self, *args, **kwargs):
+        # Call the parent save method first
+        result = super().save(*args, **kwargs)
+
+        # Clean up sessions after successful save if user is deleted
+        # This handles both local deletions and deletions synced via Morango
+        # (Morango creates new instances from deserialized data, so we can't
+        # reliably track changes - just clean up whenever date_deleted is set)
+        if self.date_deleted is not None and self.pk is not None:
+            Session.delete_all_sessions([self.id])
+
+        return result
+
+    def delete(self, *args, **kwargs):
+        """
+        Override delete to ensure sessions are cleaned up during hard delete.
+        """
+        user_id = self.id
+        result = super().delete(*args, **kwargs)
+        Session.delete_all_sessions([user_id])
+        return result
+
     def has_perm(self, perm, obj=None):
         # ensure the superuser has full access to the Django admin
         if self.is_superuser: