Changeset View
Changeset View
Standalone View
Standalone View
keyserver/src/cron/compare-users.js
// @flow | // @flow | ||||
import { getRustAPI } from 'rust-node-addon'; | |||||
import { deleteCookies } from '../deleters/cookie-deleters.js'; | import { deleteCookies } from '../deleters/cookie-deleters.js'; | ||||
import { fetchNativeCookieIDsForUserIDs } from '../fetchers/cookie-fetchers.js'; | import { fetchNativeCookieIDsForUserIDs } from '../fetchers/cookie-fetchers.js'; | ||||
import { fetchAllUserIDs } from '../fetchers/user-fetchers.js'; | import { fetchAllUserIDs } from '../fetchers/user-fetchers.js'; | ||||
async function compareMySQLUsersToIdentityService(): Promise<void> { | async function compareMySQLUsersToIdentityService(): Promise<void> { | ||||
// eslint-disable-next-line no-unused-vars | const [allUserIDs, rustAPI] = await Promise.all([ | ||||
const allUserIDs = await fetchAllUserIDs(); | fetchAllUserIDs(), | ||||
// next we need to query identity service for two things: | getRustAPI(), | ||||
// 1. users in identity that aren't here | ]); | ||||
// 2. users here that aren't in identity | const userComparisonResult = await rustAPI.compareUsers(allUserIDs); | ||||
const userMissingFromKeyserver = []; | const { usersMissingFromKeyserver, usersMissingFromIdentity } = | ||||
const userMissingFromIdentity = []; | userComparisonResult; | ||||
if (userMissingFromKeyserver.length > 0) { | |||||
if (usersMissingFromKeyserver.length > 0) { | |||||
console.warn( | console.warn( | ||||
"found users in identity service that aren't in MySQL! " + | "found users in identity service that aren't in MySQL! " + | ||||
JSON.stringify(userMissingFromKeyserver), | JSON.stringify(usersMissingFromKeyserver), | ||||
); | ); | ||||
} | } | ||||
if (userMissingFromIdentity.length === 0) { | if (usersMissingFromIdentity.length === 0) { | ||||
return; | return; | ||||
} | } | ||||
const cookieIDs = await fetchNativeCookieIDsForUserIDs( | const cookieIDs = await fetchNativeCookieIDsForUserIDs( | ||||
userMissingFromIdentity, | usersMissingFromIdentity, | ||||
); | ); | ||||
if (cookieIDs.length === 0) { | |||||
return; | |||||
} | |||||
// By deleting a cookie associated with a user's device, we trigger an | |||||
// auto-log-in from that device, which lets us access the user's password. We | |||||
// need the password in order to double-write user data to the identity | |||||
// service. We only delete cookies associated with native devices because we | |||||
// don't cache passwords on other platforms. | |||||
await deleteCookies(cookieIDs); | await deleteCookies(cookieIDs); | ||||
} | } | ||||
export { compareMySQLUsersToIdentityService }; | export { compareMySQLUsersToIdentityService }; |