[PM-17168] Sync organization user revoked/restored status immediately via push notification #13101
Conversation
…wait for reconnect
… in a separate method
…diately-via-push-notification
…OrgKeysOnRevokeRestore
r-tome
changed the title
|
New Issues (1)Checkmarx found the following issues in this Pull Request
Fixed Issues (1)Great job! The following issues were fixed in this Pull Request
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #13101 +/- ##
==========================================
- Coverage 35.41% 35.04% -0.38%
==========================================
Files 3007 3034 +27
Lines 90716 92642 +1926
Branches 16858 16859 +1
==========================================
+ Hits 32129 32463 +334
- Misses 56123 57719 +1596
+ Partials 2464 2460 -4 ☔ View full report in Codecov by Sentry. |
|
I'm closing this because only the server change is required. |
…diately-via-push-notification
|
Reopening this PR — @eliykat explained that we need to refresh the identity token to update the claims. |
libs/common/src/platform/notifications/internal/default-notifications.service.ts
Show resolved
Hide resolved
…diately-via-push-notification
libs/common/src/platform/notifications/internal/default-notifications.service.spec.ts
Show resolved
Hide resolved
| if (await this.configService.getFeatureFlag(FeatureFlag.PushSyncOrgKeysOnRevokeRestore)) { | ||
| // Refresh the identity token to ensure organization roles in JWT claims are up-to-date | ||
| await this.apiService.refreshIdentityToken(); | ||
| } |
There was a problem hiding this comment.
I'm actually going to keep the rejection only because I think your server change should be enough for now. SyncService.fullSync(true) will automatically call ApiService.refreshIdentityToken(). We are thinking about decoupling that behavior and the change here you have would be right but we are not going to be merging that right now. So please check my assumption here but you should get the desired outcome with only the server PR. I've linked the tickets and mentioned the PR on our decoupling work so that if we go ahead with that we will add the ApiService.refreshIdentityToken call for you.
There was a problem hiding this comment.
I didn't know fullSync already did this for us, so fwiw I'm OK with that suggestion. Thanks @justindbaur
There was a problem hiding this comment.
So please check my assumption here but you should get the desired outcome with only the server PR
Yes that is true, the server PR changes alone are enough. Thanks for looking into this, @justindbaur!
I'll close this PR.
|
Closing the PR, see the reason here. |
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-17168
📔 Objective
This PR updates the
NotificationsServiceto handle messages of typeNotificationType.SyncOrgKeysby refreshing the identity token.I also noticed that the SignalR connection stops when receiving a
NotificationType.SyncOrgKeysmessage but does not restart automatically. To fix this, I updated the reconnect method to re-setup the connection.Server PR.
📸 Screenshots
Revoking and restoring a user a couple of times:
Screen.Recording.2025-01-28.at.12.41.05.mov
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes