fix: clean up login tokens in users.deactivateidle

[dionisio-bot]

Backport of #40496

[changeset-bot]

🦋 Changeset detected

Latest commit: b92ec26

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/model-typings	Patch
@rocket.chat/models	Patch
@rocket.chat/meteor	Patch
@rocket.chat/apps	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/omnichannel-services	Patch
rocketchat-services	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/presence	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/license	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cubic-dev-ai]

1 issue found across 5 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/app/api/server/v1/users.ts">

<violation number="1" location="apps/meteor/app/api/server/v1/users.ts:435">
P1: Notifications are sent from a pre-update snapshot, so concurrent logins/activity can cause false `active:false` / token-cleared updates for users who were not actually deactivated.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Re-trigger cubic}

[cubic-dev-ai]

P1: Notifications are sent from a pre-update snapshot, so concurrent logins/activity can cause false active:false / token-cleared updates for users who were not actually deactivated.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/meteor/app/api/server/v1/users.ts, line 435:

<comment>Notifications are sent from a pre-update snapshot, so concurrent logins/activity can cause false `active:false` / token-cleared updates for users who were not actually deactivated.</comment>

<file context>
@@ -426,9 +426,20 @@ API.v1.addRoute(
+
 			const { modifiedCount: count } = await Users.setActiveNotLoggedInAfterWithRole(lastLoggedIn, role, false);
 
+			ids.forEach((_id) => {
+				void notifyOnUserChange({
+					clientAction: 'updated',
</file context>

Suggested change

	ids.forEach((_id) => {
	void notifyOnUserChange({
	clientAction: 'updated',
	id: _id,
	diff: { 'services.resume.loginTokens': [], 'active': false },
	});
	});
	await Promise.all(
	ids.map(async (_id) => {
	const user = await Users.findOneById(_id, { projection: { active: 1 } });
	if (!user || user.active) {
	return;
	}
	void notifyOnUserChange({
	clientAction: 'updated',
	id: _id,
	diff: { 'services.resume.loginTokens': [], 'active': false },
	});
	}),
	);

[github-actions]

📦 Docker Image Size Report

📉 Changes

Service	Current	Baseline	Change	Percent
sum of all images	0B	1.2GiB	-1.2GiB
account-service	0B	121MiB	-121MiB
authorization-service	0B	121MiB	-121MiB
ddp-streamer-service	0B	136MiB	-136MiB
omnichannel-transcript-service	0B	143MiB	-143MiB
presence-service	0B	120MiB	-120MiB
queue-worker-service	0B	143MiB	-143MiB
rocketchat	0B	295MiB	-295MiB
stream-hub-service	0B	111MiB	-111MiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["04/06 15:31", "04/07 23:08", "04/08 22:53", "04/09 21:19", "04/10 19:00", "04/13 20:49", "04/14 21:34", "04/15 23:36", "04/16 23:06", "04/17 23:54", "04/20 22:03", "04/21 02:43", "04/22 23:32", "04/23 19:23", "04/24 20:12", "04/27 21:07", "04/28 17:53", "04/29 23:30", "04/30 21:58", "05/01 03:17", "05/04 23:47", "05/05 23:54", "05/06 23:38", "05/07 19:16", "05/08 23:25", "05/11 23:38", "05/12 20:56", "05/13 20:48", "05/14 22:19", "05/15 20:08", "05/15 21:04 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.00]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.00]
  line "ddp-streamer-service" [0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.00]
  line "omnichannel-transcript-service" [0.13, 0.13, 0.13, 0.13, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.00]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.00]
  line "queue-worker-service" [0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.00]
  line "rocketchat" [0.40, 0.40, 0.31, 0.31, 0.31, 0.31, 0.31, 0.32, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.00]
  line "stream-hub-service" [0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00, 0.00]

Loading

Statistics (last 30 days):

• 📊 Average: 1.4GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 0B

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-40569
• Baseline: develop
• Timestamp: 2026-05-15 21:04:04 UTC
• Historical data points: 30

---

Updated: Fri, 15 May 2026 21:04:04 GMT

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-7.13.8@99a011c). Learn more about missing BASE report.

Additional details and impacted files

@@                Coverage Diff                @@
##             release-7.13.8   #40569   +/-   ##
=================================================
  Coverage                  ?   67.90%           
=================================================
  Files                     ?     3445           
  Lines                     ?   113908           
  Branches                  ?    20835           
=================================================
  Hits                      ?    77345           
  Misses                    ?    34444           
  Partials                  ?     2119           

Flag	Coverage Δ
e2e	57.45% <ø> (?)
e2e-api	43.58% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.