fix: clean up login tokens in users.deactivateidle

[dionisio-bot]

Backport of #40496

[changeset-bot]

🦋 Changeset detected

Latest commit: c263291

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 40 packages

Name	Type
@rocket.chat/model-typings	Patch
@rocket.chat/models	Patch
@rocket.chat/meteor	Patch
@rocket.chat/apps	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/omnichannel-services	Patch
rocketchat-services	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/presence	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/license	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cubic-dev-ai]

1 issue found across 5 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/app/api/server/v1/users.ts">

<violation number="1" location="apps/meteor/app/api/server/v1/users.ts:431">
P2: This notifies all pre-fetched IDs even if some were not actually updated, which can emit incorrect `active: false` and login-token diffs under concurrent logins.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Re-trigger cubic}

[cubic-dev-ai]

P2: This notifies all pre-fetched IDs even if some were not actually updated, which can emit incorrect active: false and login-token diffs under concurrent logins.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/meteor/app/api/server/v1/users.ts, line 431:

<comment>This notifies all pre-fetched IDs even if some were not actually updated, which can emit incorrect `active: false` and login-token diffs under concurrent logins.</comment>

<file context>
@@ -428,9 +428,20 @@ API.v1.addRoute(
 			lastLoggedIn.setDate(lastLoggedIn.getDate() - daysIdle);
 
-			// since we're deactiving users that are not logged in, there is no need to send data through WS
+			const ids = await Users.findActiveNotLoggedInAfterWithRole(lastLoggedIn, role, { projection: { _id: 1 } })
+				.map(({ _id }: { _id: string }) => _id)
+				.toArray();
</file context>

Suggested change

	const ids = await Users.findActiveNotLoggedInAfterWithRole(lastLoggedIn, role, { projection: { _id: 1 } })
	.map(({ _id }: { _id: string }) => _id)
	.toArray();
	const { modifiedCount: count } = await Users.setActiveNotLoggedInAfterWithRole(lastLoggedIn, role, false);
	ids.forEach((_id) => {
	void notifyOnUserChange({
	clientAction: 'updated',
	id: _id,
	diff: { 'services.resume.loginTokens': [], 'active': false },
	});
	});
	const ids = await Users.findActiveNotLoggedInAfterWithRole(lastLoggedIn, role, { projection: { _id: 1 } })
	.map(({ _id }: { _id: string }) => _id)
	.toArray();
	const { modifiedCount: count } = await Users.setActiveNotLoggedInAfterWithRole(lastLoggedIn, role, false);
	const deactivatedIds = (await Users.findByIds(ids, { projection: { _id: 1, active: 1 } }).toArray())
	.filter(({ active }) => active === false)
	.map(({ _id }) => _id);
	deactivatedIds.forEach((_id) => {
	void notifyOnUserChange({
	clientAction: 'updated',
	id: _id,
	diff: { 'services.resume.loginTokens': [], 'active': false },
	});
	});

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.1GiB	1.1GiB	+1.3MiB
rocketchat	357MiB	295MiB	+62MiB
omnichannel-transcript-service	132MiB	143MiB	-12MiB
queue-worker-service	132MiB	143MiB	-12MiB
ddp-streamer-service	126MiB	136MiB	-9.8MiB
account-service	113MiB	121MiB	-8.4MiB
authorization-service	111MiB	121MiB	-11MiB
presence-service	111MiB	120MiB	-9.8MiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["04/06 15:31", "04/07 23:08", "04/08 22:53", "04/09 21:19", "04/10 19:00", "04/13 20:49", "04/14 21:34", "04/15 23:36", "04/16 23:06", "04/17 23:54", "04/20 22:03", "04/21 02:43", "04/22 23:32", "04/23 19:23", "04/24 20:12", "04/27 21:07", "04/28 17:53", "04/29 23:30", "04/30 21:58", "05/01 03:17", "05/04 23:47", "05/05 23:54", "05/06 23:38", "05/07 19:16", "05/08 23:25", "05/11 23:38", "05/12 20:56", "05/13 20:48", "05/14 22:19", "05/15 20:08", "05/15 20:42 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.11]
  line "ddp-streamer-service" [0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.12]
  line "omnichannel-transcript-service" [0.13, 0.13, 0.13, 0.13, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.11]
  line "queue-worker-service" [0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.13]
  line "rocketchat" [0.40, 0.40, 0.31, 0.31, 0.31, 0.31, 0.31, 0.32, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.35]

Loading

Statistics (last 30 days):

• 📊 Average: 1.4GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.1GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-40566
• Baseline: develop
• Timestamp: 2026-05-15 20:42:44 UTC
• Historical data points: 30

---

Updated: Fri, 15 May 2026 20:42:45 GMT

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-8.0.6@ca4f9f1). Learn more about missing BASE report.

Additional details and impacted files

@@               Coverage Diff                @@
##             release-8.0.6   #40566   +/-   ##
================================================
  Coverage                 ?   70.67%           
================================================
  Files                    ?     3168           
  Lines                    ?   109517           
  Branches                 ?    19667           
================================================
  Hits                     ?    77399           
  Misses                   ?    30077           
  Partials                 ?     2041           

Flag	Coverage Δ
e2e	60.13% <ø> (?)
e2e-api	47.58% <ø> (?)
unit	71.76% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.