From 3d865b3178b52079f12162ec67584acb52d2bc41 Mon Sep 17 00:00:00 2001
From: Silvan
Date: Mon, 19 Jul 2021 15:12:00 +0200
Subject: [PATCH] fix(auth): improve sign out handling (#2030)

* fix(auth): create index on token table
* only terminate active sessions
Co-authored-by: Livio Amstutz
---
 internal/api/oidc/auth_request.go | 3 +++
 .../auth/repository/eventsourcing/eventstore/user.go | 9 ++++++---
 migrations/cockroach/V1.56__token_idx.sql | 1 +
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 migrations/cockroach/V1.56__token_idx.sql
diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index fe54ffeac5..d3bb52182f 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -154,6 +154,9 @@ func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID strin
 logging.Log("OIDC-Ghgr3").WithError(err).Error("error retrieving user sessions")
 return err
 }
+ if len(userIDs) == 0 {
+ return nil
+ }
 err = o.command.HumansSignOut(ctx, userAgentID, userIDs)
 logging.Log("OIDC-Dggt2").OnError(err).Error("error signing out")
 return err
diff --git a/internal/auth/repository/eventsourcing/eventstore/user.go b/internal/auth/repository/eventsourcing/eventstore/user.go
index 3e30117f35..62ca227c48 100644
--- a/internal/auth/repository/eventsourcing/eventstore/user.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user.go
@@ -10,6 +10,7 @@ import (
 "github.com/caos/zitadel/internal/api/authz"
 "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
 "github.com/caos/zitadel/internal/config/systemdefaults"
+ "github.com/caos/zitadel/internal/domain"
 "github.com/caos/zitadel/internal/errors"
 "github.com/caos/zitadel/internal/eventstore/v1"
 "github.com/caos/zitadel/internal/eventstore/v1/models"
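Review bot: The new `len(userIDs) == 0` guard in TerminateSession (auth_request.go) returns success without saying why, and what "empty" means is decided in another file: with this commit UserSessionUserIDsByAgentID returns only active sessions, so an empty slice means "no active session on this user agent" rather than "no sessions at all". A one-line comment above the guard would keep that visible, for example `// no active session for this user agent: nothing to sign out`. Because this is the sign-out path, it is also worth considering a low-level log entry for the no-op case, since a call that terminated nothing is otherwise indistinguishable from one that signed users out. The function's signature and its earlier lines are outside the hunk.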
@@ -137,9 +138,11 @@ func (repo *UserRepo) UserSessionUserIDsByAgentID(ctx context.Context, agentID s
 if err != nil {
 return nil, err
 }
- userIDs := make([]string, len(userSessions))
- for i, session := range userSessions {
- userIDs[i] = session.UserID
+ userIDs := make([]string, 0, len(userSessions))
+ for _, session := range userSessions {
+ if session.State == int32(domain.UserSessionStateActive) {
+ userIDs = append(userIDs, session.UserID)
+ }
 }
 return userIDs, nil
 }
diff --git a/migrations/cockroach/V1.56__token_idx.sql b/migrations/cockroach/V1.56__token_idx.sql
new file mode 100644
index 0000000000..9f52f4cdbe
--- /dev/null
+++ b/migrations/cockroach/V1.56__token_idx.sql
@@ -0,0 +1 @@
+CREATE INDEX IF NOT EXISTS user_user_agent_idx ON auth.tokens (user_id, user_agent_id);
\ No newline at end of file
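Review bot: UserSessionUserIDsByAgentID in eventstore/user.go now skips every session whose State is not `domain.UserSessionStateActive`, but neither its name nor a doc comment says so, which silently changes the contract for any other caller of this method. A doc comment would record it, for example `// UserSessionUserIDsByAgentID returns the user IDs of the active user sessions of the given agent; sessions in any other state are skipped.` It is also worth confirming that a user whose session is in a non-active state cannot still hold valid tokens for the same user agent, because that user is no longer handed to the sign-out; the hunk does not show how tokens relate to session state. The start of the function, including the query that loads userSessions, is outside the hunk.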