fix: clean up login tokens in users.deactivateidle

[dionisio-bot]

Backport of #40496

[changeset-bot]

🦋 Changeset detected

Latest commit: 9e99fc0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 42 packages

Name	Type
@rocket.chat/model-typings	Patch
@rocket.chat/models	Patch
@rocket.chat/meteor	Patch
@rocket.chat/apps	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/omnichannel-services	Patch
rocketchat-services	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/server-fetch	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/presence	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/license	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-composer	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cubic-dev-ai]

1 issue found across 5 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/app/api/server/v1/users.ts">

<violation number="1" location="apps/meteor/app/api/server/v1/users.ts:551">
P2: This introduces a read-then-update race: notifications are emitted from a pre-update ID snapshot, so users that no longer match at update time can still be broadcast as deactivated.

(Based on your team's feedback about concurrency-impacting behavioral changes.) [FEEDBACK_USED]</violation>
</file>

_{Tip: cubic used a learning from your PR history. Let your coding agent read cubic learnings directly with the cubic MCP.
Re-trigger cubic}

[cubic-dev-ai]

P2: This introduces a read-then-update race: notifications are emitted from a pre-update ID snapshot, so users that no longer match at update time can still be broadcast as deactivated.

(Based on your team's feedback about concurrency-impacting behavioral changes.)

View Feedback

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/meteor/app/api/server/v1/users.ts, line 551:

<comment>This introduces a read-then-update race: notifications are emitted from a pre-update ID snapshot, so users that no longer match at update time can still be broadcast as deactivated.

(Based on your team's feedback about concurrency-impacting behavioral changes.) </comment>

<file context>
@@ -548,9 +548,20 @@ API.v1.post(
 		lastLoggedIn.setDate(lastLoggedIn.getDate() - daysIdle);
 
-		// since we're deactiving users that are not logged in, there is no need to send data through WS
+		const ids = await Users.findActiveNotLoggedInAfterWithRole(lastLoggedIn, role, { projection: { _id: 1 } })
+			.map(({ _id }: { _id: string }) => _id)
+			.toArray();
</file context>

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.92%. Comparing base (ff254bf) to head (9e99fc0).

Additional details and impacted files

@@                Coverage Diff                @@
##           release-8.4.2   #40559      +/-   ##
=================================================
+ Coverage          69.90%   69.92%   +0.01%     
=================================================
  Files               3307     3307              
  Lines             120581   120581              
  Branches           21576    21645      +69     
=================================================
+ Hits               84294    84314      +20     
+ Misses             32986    32966      -20     
  Partials            3301     3301              

Flag	Coverage Δ
e2e	59.66% <ø> (+0.03%)	⬆️
e2e-api	47.18% <ø> (+0.03%)	⬆️
unit	70.65% <ø> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.