fix(activesync): complete account-only remote wipe per user#62
Merged
Conversation
Store account-only wipe status per device user, stop the provision loop after client ack, block sync for wiped accounts, and reject further provisioning so iOS does not receive new policy keys. Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates ActiveSync remote-wipe handling so account-only remote wipe is tracked per device user (not per device ID), enabling correct behavior when multiple accounts share the same device ID.
Changes:
- Add per-user
device_accountonly_rwstatusstorage (SQL migration + SQL/Mongo state support) and expose it via new state APIs. - Adjust Provision / policy-key enforcement so account-only wipe is acknowledged with a minimal response, only sent while pending, and blocks subsequent sync via provisioning-required responses.
- Update long-polling (PING) change detection to consider the new per-user account-only wipe status.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| migration/Horde/ActiveSync/25_horde_activesync_peruser_accountonly_rwstatus.php | Adds per-user SQL column and clears legacy device-level account-only wipe states. |
| lib/Horde/ActiveSync/State/Sql.php | Loads/stores per-user account-only wipe status and adds setter API. |
| lib/Horde/ActiveSync/State/Mongo.php | Stores/loads per-user account-only wipe status in Mongo device user subdocuments. |
| lib/Horde/ActiveSync/State/Base.php | Adds getAccountOnlyRWStatus() and new abstract setter for account-only wipe status. |
| lib/Horde/ActiveSync/Request/Provision.php | Updates Provision flow to handle account-only wipe pending/ack/wiped behavior. |
| lib/Horde/ActiveSync/Request/Base.php | Enforces provisioning-required responses for account-only pending/wiped states. |
| lib/Horde/ActiveSync/Collections.php | Makes PING change polling treat account-only wipe as requiring FolderSync. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Initialize per-user row data before loadDeviceInfo() reads account-only status, normalize getAccountOnlyRWStatus() to RWSTATUS_NA, reject account-only constants in setDeviceRWStatus(), and add SQLite unit tests for the per-user wipe lifecycle.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
device_accountonly_rwstatusstorage (migration 25) so account-only wipe works when multiple accounts share one device IDACCOUNTONLY_WIPED, and only sendAccountOnlyRemoteWipewhile status is pendingTest plan