POC delete stale non-e2e devices for users (#14038)

erikjohnston · clokep · squahtx · erikjohnston · commit 4fa2ff5d44f7 · 2022-12-05T10:09:19.000Z
This should help reduce the number of devices e.g. simple bots the repeatedly login rack up.

We only delete non-e2e devices as they should be safe to delete, whereas if we delete e2e devices for a user we may accidentally break their ability to receive e2e keys for a message.

Co-authored-by: Patrick Cloke &lt;clokep@users.noreply.github.com&gt;
Co-authored-by: Sean Quah &lt;8349537+squahtx@users.noreply.github.com&gt;
diff --git a/changelog.d/14038.misc b/changelog.d/14038.misc
@@ -0,0 +1 @@
+Prune user's old devices on login if they have too many.
diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py
@@ -421,6 +421,9 @@ async def check_device_registered(
 
         self._check_device_name_length(initial_device_display_name)
 
+        # Prune the user's device list if they already have a lot of devices.
+        await self._prune_too_many_devices(user_id)
+
         if device_id is not None:
             new_device = await self.store.store_device(
                 user_id=user_id,
@@ -452,6 +455,14 @@ async def check_device_registered(
 
         raise errors.StoreError(500, "Couldn't generate a device ID.")
 
+    async def _prune_too_many_devices(self, user_id: str) -> None:
+        """Delete any excess old devices this user may have."""
+        device_ids = await self.store.check_too_many_devices_for_user(user_id)
+        if not device_ids:
+            return
+
+        await self.delete_devices(user_id, device_ids)
+
     async def _delete_stale_devices(self) -> None:
         """Background task that deletes devices which haven't been accessed for more than
         a configured time period.
@@ -481,7 +492,7 @@ async def delete_all_devices_for_user(
             device_ids = [d for d in device_ids if d != except_device_id]
         await self.delete_devices(user_id, device_ids)
 
-    async def delete_devices(self, user_id: str, device_ids: List[str]) -> None:
+    async def delete_devices(self, user_id: str, device_ids: Collection[str]) -> None:
         """Delete several devices
 
         Args:
diff --git a/synapse/storage/databases/main/devices.py b/synapse/storage/databases/main/devices.py
@@ -1538,6 +1538,70 @@ def _txn(txn: LoggingTransaction) -> int:
 
         return rows
 
+    async def check_too_many_devices_for_user(self, user_id: str) -> Collection[str]:
+        """Check if the user has a lot of devices, and if so return the set of
+        devices we can prune.
+
+        This does *not* return hidden devices or devices with E2E keys.
+        """
+
+        num_devices = await self.db_pool.simple_select_one_onecol(
+            table="devices",
+            keyvalues={"user_id": user_id, "hidden": False},
+            retcol="COALESCE(COUNT(*), 0)",
+            desc="count_devices",
+        )
+
+        # We let users have up to ten devices without pruning.
+        if num_devices <= 10:
+            return ()
+
+        # We prune everything older than N days.
+        max_last_seen = self._clock.time_msec() - 14 * 24 * 60 * 60 * 1000
+
+        if num_devices > 50:
+            # If the user has more than 50 devices, then we chose a last seen
+            # that ensures we keep at most 50 devices.
+            sql = """
+                SELECT last_seen FROM devices
+                WHERE
+                    user_id = ?
+                    AND NOT hidden
+                    AND last_seen IS NOT NULL
+                    AND key_json IS NULL
+                ORDER BY last_seen DESC
+                LIMIT 1
+                OFFSET 50
+            """
+
+            rows = await self.db_pool.execute(
+                "check_too_many_devices_for_user_last_seen", None, sql, (user_id,)
+            )
+            if rows:
+                max_last_seen = max(rows[0][0], max_last_seen)
+
+        # Now fetch the devices to delete.
+        sql = """
+            SELECT DISTINCT device_id FROM devices
+            LEFT JOIN e2e_device_keys_json USING (user_id, device_id)
+            WHERE
+                user_id = ?
+                AND NOT hidden
+                AND last_seen < ?
+                AND key_json IS NULL
+        """
+
+        def check_too_many_devices_for_user_txn(
+            txn: LoggingTransaction,
+        ) -> Collection[str]:
+            txn.execute(sql, (user_id, max_last_seen))
+            return {device_id for device_id, in txn}
+
+        return await self.db_pool.runInteraction(
+            "check_too_many_devices_for_user",
+            check_too_many_devices_for_user_txn,
+        )
+
 
 class DeviceStore(DeviceWorkerStore, DeviceBackgroundUpdateStore):
     # Because we have write access, this will be a StreamIdGenerator
@@ -1596,6 +1660,7 @@ async def store_device(
                 values={},
                 insertion_values={
                     "display_name": initial_device_display_name,
+                    "last_seen": self._clock.time_msec(),
                     "hidden": False,
                 },
                 desc="store_device",
@@ -1641,7 +1706,7 @@ async def store_device(
             )
             raise StoreError(500, "Problem storing device.")
 
-    async def delete_devices(self, user_id: str, device_ids: List[str]) -> None:
+    async def delete_devices(self, user_id: str, device_ids: Collection[str]) -> None:
         """Deletes several devices.
 
         Args:
diff --git a/tests/handlers/test_device.py b/tests/handlers/test_device.py
@@ -115,7 +115,7 @@ def test_get_devices_by_user(self) -> None:
                 "device_id": "xyz",
                 "display_name": "display 0",
                 "last_seen_ip": None,
-                "last_seen_ts": None,
+                "last_seen_ts": 1000000,
             },
             device_map["xyz"],
         )
diff --git a/tests/storage/test_client_ips.py b/tests/storage/test_client_ips.py
@@ -169,6 +169,8 @@ def test_get_last_client_ip_by_device(self, after_persisting: bool):
             )
         )
 
+        last_seen = self.clock.time_msec()
+
         if after_persisting:
             # Trigger the storage loop
             self.reactor.advance(10)
@@ -189,7 +191,7 @@ def test_get_last_client_ip_by_device(self, after_persisting: bool):
                         "device_id": device_id,
                         "ip": None,
                         "user_agent": None,
-                        "last_seen": None,
+                        "last_seen": last_seen,
                     },
                 ],
             )

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Prune user's old devices on login if they have too many.`
Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ def test_get_devices_by_user(self) -> None:`
`115`	`115`	`"device_id": "xyz",`
`116`	`116`	`"display_name": "display 0",`
`117`	`117`	`"last_seen_ip": None,`
`118`		`- "last_seen_ts": None,`
	`118`	`+ "last_seen_ts": 1000000,`
`119`	`119`	`},`
`120`	`120`	`device_map["xyz"],`
`121`	`121`	`)`
Original file line number	Diff line number	Diff line change
`@@ -169,6 +169,8 @@ def test_get_last_client_ip_by_device(self, after_persisting: bool):`
`169`	`169`	`)`
`170`	`170`	`)`
`171`	`171`
	`172`	`+ last_seen = self.clock.time_msec()`
	`173`	`+`
`172`	`174`	`if after_persisting:`
`173`	`175`	`# Trigger the storage loop`
`174`	`176`	`self.reactor.advance(10)`
`@@ -189,7 +191,7 @@ def test_get_last_client_ip_by_device(self, after_persisting: bool):`
`189`	`191`	`"device_id": device_id,`
`190`	`192`	`"ip": None,`
`191`	`193`	`"user_agent": None,`
`192`		`- "last_seen": None,`
	`194`	`+ "last_seen": last_seen,`
`193`	`195`	`},`
`194`	`196`	`],`
`195`	`197`	`)`