🐛 Fix randomly account got logged out

DysonNetwork.Pass/Account/AccountService.cs

@@ -440,7 +440,7 @@ public class AccountService(
         );
     }
 
-    public async Task<bool> IsDeviceActive(Guid id)
+    private async Task<bool> IsDeviceActive(Guid id)
     {
         return await db.AuthSessions
             .Include(s => s.Challenge)
@@ -468,7 +468,11 @@ public class AccountService(
             .Where(s => s.Id == sessionId && s.AccountId == account.Id)
             .FirstOrDefaultAsync();
         if (session is null) throw new InvalidOperationException("Session was not found.");
-
+        
+        // The current session should be included in the sessions' list
+        db.AuthSessions.Remove(session);
+        await db.SaveChangesAsync();
+        
         if (session.Challenge.ClientId.HasValue)
         {
             if (!await IsDeviceActive(session.Challenge.ClientId.Value))
@@ -476,13 +480,8 @@ public class AccountService(
                     { DeviceId = session.Challenge.Client!.DeviceId }
                 );
         }
-
-        // The current session should be included in the sessions' list
-        var now = SystemClock.Instance.GetCurrentInstant();
-        await db.AuthSessions
-            .Include(s => s.Challenge)
-            .Where(s => s.Challenge.DeviceId == session.Challenge.DeviceId)
-            .ExecuteUpdateAsync(p => p.SetProperty(s => s.DeletedAt, s => now));
+        
+        logger.LogInformation("Deleted session #{SessionId}", session.Id);
 
         await cache.RemoveAsync($"{AuthService.AuthCachePrefix}{session.Id}");
     }
@@ -507,7 +506,7 @@ public class AccountService(
         var now = SystemClock.Instance.GetCurrentInstant();
         await db.AuthSessions
             .Include(s => s.Challenge)
-            .Where(s => s.Challenge.DeviceId == device.DeviceId)
+            .Where(s => s.Challenge.ClientId == device.Id)
             .ExecuteUpdateAsync(p => p.SetProperty(s => s.DeletedAt, s => now));
         
         db.AuthClients.Remove(device);

DysonNetwork.Pass/Auth/AuthSession.cs

@@ -68,7 +68,6 @@ public class AuthChallenge : ModelBase
     [MaxLength(128)] public string? IpAddress { get; set; }
     [MaxLength(512)] public string? UserAgent { get; set; }
     [MaxLength(1024)] public string? Nonce { get; set; }
-    [MaxLength(1024)] public string? DeviceId { get; set; } = string.Empty;
     public Point? Location { get; set; }
 
     public Guid AccountId { get; set; }

DysonNetwork.Pass/Migrations/20250818125540_RemoveChallengeOldDeviceId.cs

@@ -0,0 +1,29 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace DysonNetwork.Pass.Migrations
+{
+    /// <inheritdoc />
+    public partial class RemoveChallengeOldDeviceId : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "device_id",
+                table: "auth_challenges");
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "device_id",
+                table: "auth_challenges",
+                type: "character varying(1024)",
+                maxLength: 1024,
+                nullable: true);
+        }
+    }
+}

DysonNetwork.Pass/Migrations/AppDatabaseModelSnapshot.cs

@@ -829,11 +829,6 @@ namespace DysonNetwork.Pass.Migrations
                         .HasColumnType("timestamp with time zone")
                         .HasColumnName("deleted_at");
 
-                    b.Property<string>("DeviceId")
-                        .HasMaxLength(1024)
-                        .HasColumnType("character varying(1024)")
-                        .HasColumnName("device_id");
-
                     b.Property<Instant?>("ExpiredAt")
                         .HasColumnType("timestamp with time zone")
                         .HasColumnName("expired_at");