s3: add bulk delete api (#82)

Notesnook.API/Controllers/S3Controller.cs

@@ -21,20 +21,17 @@ using System;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Amazon.S3.Model;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using MongoDB.Driver;
-using Notesnook.API.Accessors;
 using Notesnook.API.Helpers;
 using Notesnook.API.Interfaces;
 using Notesnook.API.Models;
 using Streetwriters.Common;
 using Streetwriters.Common.Accessors;
 using Streetwriters.Common.Extensions;
-using Streetwriters.Common.Interfaces;
 using Streetwriters.Common.Models;
 
 namespace Notesnook.API.Controllers
@@ -212,5 +209,26 @@ namespace Notesnook.API.Controllers
                 return BadRequest(new { error = "Failed to delete attachment." });
             }
         }
+
+        [HttpPost("bulk-delete")]
+        public async Task<IActionResult> DeleteBulkAsync([FromBody] DeleteBulkObjectsRequest request)
+        {
+            try
+            {
+                if (request.Names == null || request.Names.Length == 0)
+                {
+                    return BadRequest(new { error = "No files specified for deletion." });
+                }
+
+                var userId = this.User.GetUserId();
+                await s3Service.DeleteObjectsAsync(userId, request.Names);
+                return Ok();
+            }
+            catch (Exception ex)
+            {
+                logger.LogError(ex, "Error deleting objects for user.");
+                return BadRequest(new { error = "Failed to delete attachments." });
+            }
+        }
     }
 }

Notesnook.API/Controllers/UsersController.cs

@@ -18,9 +18,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 using System;
-using System.Net.Http;
 using System.Security.Claims;
-using System.Text.Json;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http.Timeouts;
@@ -30,16 +28,13 @@ using Notesnook.API.Interfaces;
 using Notesnook.API.Models;
 using Notesnook.API.Models.Responses;
 using Streetwriters.Common;
-using Streetwriters.Common.Accessors;
-using Streetwriters.Common.Extensions;
-using Streetwriters.Common.Messages;
 
 namespace Notesnook.API.Controllers
 {
     [ApiController]
     [Authorize]
     [Route("users")]
-    public class UsersController(IUserService UserService, WampServiceAccessor serviceAccessor, ILogger<UsersController> logger) : ControllerBase
+    public class UsersController(IUserService UserService, ILogger<UsersController> logger) : ControllerBase
     {
         [HttpPost]
         [AllowAnonymous]
@@ -90,43 +85,6 @@ namespace Notesnook.API.Controllers
             }
         }
 
-        [HttpPatch("password/{type}")]
-        public async Task<IActionResult> ChangePassword([FromRoute] string type, [FromBody] ChangePasswordForm form)
-        {
-            var userId = User.GetUserId();
-            var clientId = User.FindFirstValue("client_id");
-            var jti = User.FindFirstValue("jti");
-            var isPasswordReset = type == "reset";
-            try
-            {
-                var result = isPasswordReset ? await serviceAccessor.UserAccountService.ResetPasswordAsync(userId, form.NewPassword) : await serviceAccessor.UserAccountService.ChangePasswordAsync(userId, form.OldPassword, form.NewPassword);
-                if (!result)
-                    return BadRequest("Failed to change password.");
-
-                await UserService.SetUserKeysAsync(userId, form.UserKeys);
-
-                await serviceAccessor.UserAccountService.ClearSessionsAsync(userId, clientId, all: false, jti, null);
-
-                await WampServers.MessengerServer.PublishMessageAsync(MessengerServerTopics.SendSSETopic, new SendSSEMessage
-                {
-                    UserId = userId,
-                    OriginTokenId = jti,
-                    Message = new Message
-                    {
-                        Type = "logout",
-                        Data = JsonSerializer.Serialize(new { reason = "Password changed." })
-                    }
-                });
-
-                return Ok();
-            }
-            catch (Exception ex)
-            {
-                logger.LogError(ex, "Failed to change password");
-                return BadRequest(new { error = ex.Message });
-            }
-        }
-
         [HttpPost("reset")]
         public async Task<IActionResult> Reset([FromForm] bool removeAttachments)
         {

Notesnook.API/Interfaces/IS3Service.cs

@@ -17,18 +17,16 @@ You should have received a copy of the Affero GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-using System.Threading;
 using System.Threading.Tasks;
 using Amazon.S3.Model;
 using Notesnook.API.Models;
-using Notesnook.API.Models.Responses;
-using Streetwriters.Common.Interfaces;
 
 namespace Notesnook.API.Interfaces
 {
     public interface IS3Service
     {
         Task DeleteObjectAsync(string userId, string name);
+        Task DeleteObjectsAsync(string userId, string[] names);
         Task DeleteDirectoryAsync(string userId);
         Task<long> GetObjectSizeAsync(string userId, string name);
         Task<string?> GetUploadObjectUrlAsync(string userId, string name);

Notesnook.API/Models/ChangePasswordForm.cs

@@ -1,24 +0,0 @@
-using System.ComponentModel.DataAnnotations;
-
-namespace Notesnook.API.Models
-{
-    public class ChangePasswordForm
-    {
-        public string? OldPassword
-        {
-            get; set;
-        }
-
-        [Required]
-        public required string NewPassword
-        {
-            get; set;
-        }
-
-        [Required]
-        public required UserKeys UserKeys
-        {
-            get; set;
-        }
-    }
-}

Notesnook.API/Models/DeleteBulkRequest.cs

@@ -0,0 +1,25 @@
+/*
+This file is part of the Notesnook Sync Server project (https://notesnook.com/)
+
+Copyright (C) 2023 Streetwriters (Private) Limited
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the Affero GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+Affero GNU General Public License for more details.
+
+You should have received a copy of the Affero GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+namespace Notesnook.API.Models;
+
+public class DeleteBulkObjectsRequest
+{
+    public required string[] Names { get; set; }
+}

Notesnook.API/Models/ResetPasswordForm.cs

@@ -1,19 +0,0 @@
-using System.ComponentModel.DataAnnotations;
-
-namespace Notesnook.API.Models
-{
-    public class ResetPasswordForm
-    {
-        [Required]
-        public required string NewPassword
-        {
-            get; set;
-        }
-
-        [Required]
-        public required UserKeys UserKeys
-        {
-            get; set;
-        }
-    }
-}

Notesnook.API/Models/Responses/UserResponse.cs

@@ -15,11 +15,6 @@ namespace Notesnook.API.Models.Responses
 
         [JsonPropertyName("monographPasswordsKey")]
         public EncryptedData? MonographPasswordsKey { get; set; }
-        [JsonPropertyName("dataEncryptionKey")]
-        public EncryptedData? DataEncryptionKey { get; set; }
-
-        [JsonPropertyName("legacyDataEncryptionKey")]
-        public EncryptedData? LegacyDataEncryptionKey { get; set; }
 
         [JsonPropertyName("inboxKeys")]
         public InboxKeys? InboxKeys { get; set; }

Notesnook.API/Models/SyncItem.cs

@@ -98,14 +98,6 @@ namespace Notesnook.API.Models
             get; set;
         }
 
-        [JsonPropertyName("keyVersion")]
-        [DataMember(Name = "keyVersion")]
-        [MessagePack.Key("keyVersion")]
-        public int? KeyVersion
-        {
-            get; set;
-        }
-
         [JsonPropertyName("alg")]
         [DataMember(Name = "alg")]
         [MessagePack.Key("alg")]

Notesnook.API/Models/UserKeys.cs

@@ -24,8 +24,6 @@ namespace Notesnook.API.Models
         public EncryptedData? AttachmentsKey { get; set; }
         public EncryptedData? MonographPasswordsKey { get; set; }
         public InboxKeys? InboxKeys { get; set; }
-        public EncryptedData? DataEncryptionKey { get; set; }
-        public EncryptedData? LegacyDataEncryptionKey { get; set; }
     }
 
     public class InboxKeys

Notesnook.API/Models/UserSettings.cs

@@ -55,8 +55,6 @@ namespace Notesnook.API.Models
         public EncryptedData? VaultKey { get; set; }
         public EncryptedData? AttachmentsKey { get; set; }
         public EncryptedData? MonographPasswordsKey { get; set; }
-        public EncryptedData? DataEncryptionKey { get; set; }
-        public EncryptedData? LegacyDataEncryptionKey { get; set; }
         public InboxKeys? InboxKeys { get; set; }
         public Limit? StorageLimit { get; set; }
 

Notesnook.API/Services/S3Service.cs

@@ -24,21 +24,15 @@ using System.Net.Http;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using Amazon;
-using Amazon.Runtime;
 using Amazon.S3;
 using Amazon.S3.Model;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 using MongoDB.Driver;
-using Notesnook.API.Accessors;
 using Notesnook.API.Helpers;
 using Notesnook.API.Interfaces;
 using Notesnook.API.Models;
 using Streetwriters.Common;
 using Streetwriters.Common.Accessors;
-using Streetwriters.Common.Enums;
-using Streetwriters.Common.Interfaces;
-using Streetwriters.Common.Models;
 
 namespace Notesnook.API.Services
 {
@@ -110,6 +104,70 @@ namespace Notesnook.API.Services
                 throw new Exception("Could not delete object.");
         }
 
+        public async Task DeleteObjectsAsync(string userId, string[] names)
+        {
+            var objectsToDelete = new List<KeyVersion>();
+
+            foreach (var name in names)
+            {
+                var objectName = GetFullObjectName(userId, name);
+                if (objectName == null) continue;
+
+                objectsToDelete.Add(new KeyVersion { Key = objectName });
+            }
+
+            if (objectsToDelete.Count == 0)
+            {
+                return;
+            }
+
+            // S3 DeleteObjectsRequest supports max 1000 keys per request
+            var batchSize = 1000;
+            var deleteErrors = new List<DeleteError>();
+            var failedBatches = 0;
+
+            for (int i = 0; i < objectsToDelete.Count; i += batchSize)
+            {
+                var batch = objectsToDelete.Skip(i).Take(batchSize).ToList();
+                var deleteObjectsResponse = await S3InternalClient.ExecuteWithFailoverAsync(
+                    (client) => client.DeleteObjectsAsync(new DeleteObjectsRequest
+                    {
+                        BucketName = INTERNAL_BUCKET_NAME,
+                        Objects = batch,
+                    }),
+                    operationName: "DeleteObjects",
+                    isWriteOperation: true
+                );
+
+                if (!IsSuccessStatusCode((int)deleteObjectsResponse.HttpStatusCode))
+                {
+                    failedBatches++;
+                }
+
+                if (deleteObjectsResponse.DeleteErrors.Count > 0)
+                {
+                    deleteErrors.AddRange(deleteObjectsResponse.DeleteErrors);
+                }
+            }
+
+            if (failedBatches > 0 || deleteErrors.Count > 0)
+            {
+                var errorParts = new List<string>();
+
+                if (failedBatches > 0)
+                {
+                    errorParts.Add($"{failedBatches} batch(es) failed with unsuccessful status code");
+                }
+
+                if (deleteErrors.Count > 0)
+                {
+                    errorParts.Add(string.Join(", ", deleteErrors.Select(e => $"{e.Key}: {e.Message}")));
+                }
+
+                throw new Exception(string.Join("; ", errorParts));
+            }
+        }
+
         public async Task DeleteDirectoryAsync(string userId)
         {
             var request = new ListObjectsV2Request

Notesnook.API/Services/UserService.cs

@@ -18,7 +18,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 using System;
-using System.Collections.Generic;
 using System.Net.Http;
 using System.Text.Json;
 using System.Threading;
@@ -134,8 +133,6 @@ namespace Notesnook.API.Services
                 PhoneNumber = user.PhoneNumber,
                 AttachmentsKey = userSettings.AttachmentsKey,
                 MonographPasswordsKey = userSettings.MonographPasswordsKey,
-                DataEncryptionKey = userSettings.DataEncryptionKey,
-                LegacyDataEncryptionKey = userSettings.LegacyDataEncryptionKey,
                 InboxKeys = userSettings.InboxKeys,
                 Salt = userSettings.Salt,
                 Subscription = subscription,
@@ -158,11 +155,6 @@ namespace Notesnook.API.Services
             {
                 userSettings.MonographPasswordsKey = keys.MonographPasswordsKey;
             }
-            if (keys.DataEncryptionKey != null)
-                userSettings.DataEncryptionKey = keys.DataEncryptionKey;
-            if (keys.LegacyDataEncryptionKey != null)
-                userSettings.LegacyDataEncryptionKey = keys.LegacyDataEncryptionKey;
-
             if (keys.InboxKeys != null)
             {
                 if (keys.InboxKeys.Public == null || keys.InboxKeys.Private == null)
@@ -276,8 +268,6 @@ namespace Notesnook.API.Services
 
             userSettings.AttachmentsKey = null;
             userSettings.MonographPasswordsKey = null;
-            userSettings.DataEncryptionKey = null;
-            userSettings.LegacyDataEncryptionKey = null;
             userSettings.VaultKey = null;
             userSettings.InboxKeys = null;
             userSettings.LastSynced = 0;

Streetwriters.Common/Interfaces/IUserAccountService.cs

@@ -10,11 +10,7 @@ namespace Streetwriters.Common.Interfaces
         Task<UserModel?> GetUserAsync(string clientId, string userId);
         [WampProcedure("co.streetwriters.identity.users.delete_user")]
         Task DeleteUserAsync(string clientId, string userId, string password);
-        [WampProcedure("co.streetwriters.identity.users.change_password")]
-        Task<bool> ChangePasswordAsync(string userId, string oldPassword, string newPassword);
-        [WampProcedure("co.streetwriters.identity.users.reset_password")]
-        Task<bool> ResetPasswordAsync(string userId, string newPassword);
-        [WampProcedure("co.streetwriters.identity.users.clear_sessions")]
-        Task<bool> ClearSessionsAsync(string userId, string clientId, bool all, string jti, string? refreshToken);
+        // [WampProcedure("co.streetwriters.identity.users.create_user")]
+        // Task<UserModel> CreateUserAsync();
     }
 }

Streetwriters.Identity/Controllers/AccountController.cs

@@ -25,7 +25,6 @@ using System.Security.Claims;
 using System.Text.Json;
 using System.Threading.Tasks;
 using AspNetCore.Identity.Mongo.Model;
-using IdentityServer4.Extensions;
 using IdentityServer4.Stores;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
@@ -98,12 +97,12 @@ namespace Streetwriters.Identity.Controllers
                     }
                 case TokenType.RESET_PASSWORD:
                     {
-                        if (!await UserManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "ResetPassword", code))
-                            return BadRequest("Invalid token.");
+                        // if (!await UserManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "ResetPassword", code))
+                        return BadRequest("Password reset is temporarily disabled due to some issues. It should be back soon. We apologize for the inconvenience.");
 
-                        var authorizationCode = await UserManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "PasswordResetAuthorizationCode");
-                        var redirectUrl = $"{client.AccountRecoveryRedirectURL}?userId={userId}&code={authorizationCode}";
-                        return RedirectPermanent(redirectUrl);
+                        // var authorizationCode = await UserManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "PasswordResetAuthorizationCode");
+                        // var redirectUrl = $"{client.AccountRecoveryRedirectURL}?userId={userId}&code={authorizationCode}";
+                        // return RedirectPermanent(redirectUrl);
                     }
                 default:
                     return BadRequest("Invalid type.");
@@ -150,22 +149,22 @@ namespace Streetwriters.Identity.Controllers
         [EnableRateLimiting("strict")]
         public async Task<IActionResult> ResetUserPassword([FromForm] ResetPasswordForm form)
         {
+            return BadRequest(new { error = "Password reset is temporarily disabled due to some issues. It should be back soon. We apologize for the inconvenience." });
+            //             var client = Clients.FindClientById(form.ClientId);
+            //             if (client == null) return BadRequest("Invalid client_id.");
 
-            var client = Clients.FindClientById(form.ClientId);
-            if (client == null) return BadRequest("Invalid client_id.");
+            //             var user = await UserManager.FindByEmailAsync(form.Email) ?? throw new Exception("User not found.");
+            //             if (!await UserService.IsUserValidAsync(UserManager, user, form.ClientId)) return Ok();
 
-            var user = await UserManager.FindByEmailAsync(form.Email) ?? throw new Exception("User not found.");
-            if (!await UserService.IsUserValidAsync(UserManager, user, form.ClientId)) return Ok();
-
-            var code = await UserManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "ResetPassword");
-            var callbackUrl = Url.TokenLink(user.Id.ToString(), code, client.Id, TokenType.RESET_PASSWORD);
-#if (DEBUG || STAGING)
-            return Ok(callbackUrl);
-#else
-                        logger.LogInformation("Password reset email sent to: {Email}, callback URL: {CallbackUrl}", user.Email, callbackUrl);
-                        await EmailSender.SendPasswordResetEmailAsync(user.Email, callbackUrl, client);
-                        return Ok();
-#endif
+            //             var code = await UserManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "ResetPassword");
+            //             var callbackUrl = Url.TokenLink(user.Id.ToString(), code, client.Id, TokenType.RESET_PASSWORD);
+            // #if (DEBUG || STAGING)
+            //             return Ok(callbackUrl);
+            // #else
+            //             logger.LogInformation("Password reset email sent to: {Email}, callback URL: {CallbackUrl}", user.Email, callbackUrl);
+            //             await EmailSender.SendPasswordResetEmailAsync(user.Email, callbackUrl, client);
+            //             return Ok();
+            // #endif
         }
 
         [HttpPost("logout")]
@@ -250,6 +249,36 @@ namespace Streetwriters.Identity.Controllers
                         }
                         return BadRequest(result.Errors.ToErrors());
                     }
+                case "change_password":
+                    {
+                        return BadRequest(new { error = "Password change is temporarily disabled due to some issues. It should be back soon. We apologize for the inconvenience." });
+                        // ArgumentNullException.ThrowIfNull(form.OldPassword);
+                        // ArgumentNullException.ThrowIfNull(form.NewPassword);
+                        // var result = await UserManager.ChangePasswordAsync(user, form.OldPassword, form.NewPassword);
+                        // if (result.Succeeded)
+                        // {
+                        //     await SendLogoutMessageAsync(user.Id.ToString(), "Password changed.");
+                        //     return Ok();
+                        // }
+                        // return BadRequest(result.Errors.ToErrors());
+                    }
+                case "reset_password":
+                    {
+                        return BadRequest(new { error = "Password reset is temporarily disabled due to some issues. It should be back soon. We apologize for the inconvenience." });
+                        // ArgumentNullException.ThrowIfNull(form.NewPassword);
+                        // var result = await UserManager.RemovePasswordAsync(user);
+                        // if (result.Succeeded)
+                        // {
+                        //     await MFAService.ResetMFAAsync(user);
+                        //     result = await UserManager.AddPasswordAsync(user, form.NewPassword);
+                        //     if (result.Succeeded)
+                        //     {
+                        //         await SendLogoutMessageAsync(user.Id.ToString(), "Password reset.");
+                        //         return Ok();
+                        //     }
+                        // }
+                        // return BadRequest(result.Errors.ToErrors());
+                    }
                 case "change_marketing_consent":
                     {
                         var claimType = $"{client.Id}:marketing_consent";
@@ -268,14 +297,40 @@ namespace Streetwriters.Identity.Controllers
         [HttpPost("sessions/clear")]
         public async Task<IActionResult> ClearUserSessions([FromQuery] bool all, [FromForm] string? refresh_token)
         {
+            var client = Clients.FindClientById(User.FindFirstValue("client_id"));
+            if (client == null) return BadRequest("Invalid client_id.");
+
+            var user = await UserManager.GetUserAsync(User) ?? throw new Exception("User not found.");
+            if (!await UserService.IsUserValidAsync(UserManager, user, client.Id)) return BadRequest($"Unable to find user with ID '{user.Id}'.");
+
             var jti = User.FindFirstValue("jti");
-            var userId = User.GetSubjectId();
-            var clientId = User.FindFirstValue("client_id");
-            if (await UserAccountService.ClearSessionsAsync(userId, clientId, all, refresh_token, jti))
-                await SendLogoutMessageAsync(userId, "Session revoked.");
+
+            var grants = await PersistedGrantStore.GetAllAsync(new PersistedGrantFilter
+            {
+                ClientId = client.Id,
+                SubjectId = user.Id.ToString()
+            });
+            string? refreshTokenKey = refresh_token != null ? GetHashedKey(refresh_token, PersistedGrantTypes.RefreshToken) : null;
+            var removedKeys = new List<string>();
+            foreach (var grant in grants)
+            {
+                if (!all && (grant.Data.Contains(jti) || grant.Key == refreshTokenKey)) continue;
+                await PersistedGrantStore.RemoveAsync(grant.Key);
+                removedKeys.Add(grant.Key);
+            }
+
+            await WampServers.NotesnookServer.PublishMessageAsync(IdentityServerTopics.ClearCacheTopic, new ClearCacheMessage(removedKeys));
+            await WampServers.MessengerServer.PublishMessageAsync(IdentityServerTopics.ClearCacheTopic, new ClearCacheMessage(removedKeys));
+            await WampServers.SubscriptionServer.PublishMessageAsync(IdentityServerTopics.ClearCacheTopic, new ClearCacheMessage(removedKeys));
+            await SendLogoutMessageAsync(user.Id.ToString(), "Session revoked.");
             return Ok();
         }
 
+        private static string GetHashedKey(string value, string grantType)
+        {
+            return (value + ":" + grantType).Sha256();
+        }
+
         private async Task SendLogoutMessageAsync(string userId, string reason)
         {
             await SendMessageAsync(userId, new Message

Streetwriters.Identity/Services/UserAccountService.cs

@@ -1,22 +1,16 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
-using System.Text.Json;
 using System.Threading.Tasks;
-using IdentityServer4;
-using IdentityServer4.Stores;
 using Microsoft.AspNetCore.Identity;
-using Streetwriters.Common;
 using Streetwriters.Common.Enums;
 using Streetwriters.Common.Interfaces;
-using Streetwriters.Common.Messages;
 using Streetwriters.Common.Models;
 using Streetwriters.Identity.Interfaces;
 using Streetwriters.Identity.Models;
 
 namespace Streetwriters.Identity.Services
 {
-    public class UserAccountService(UserManager<User> userManager, IMFAService mfaService, IPersistedGrantStore persistedGrantStore) : IUserAccountService
+    public class UserAccountService(UserManager<User> userManager, IMFAService mfaService) : IUserAccountService
     {
         public async Task<UserModel?> GetUserAsync(string clientId, string userId)
         {
@@ -60,58 +54,5 @@ namespace Streetwriters.Identity.Services
 
             await userManager.DeleteAsync(user);
         }
-
-        public async Task<bool> ChangePasswordAsync(string userId, string oldPassword, string newPassword)
-        {
-            var user = await userManager.FindByIdAsync(userId) ?? throw new Exception("User not found.");
-
-            var result = await userManager.ChangePasswordAsync(user, oldPassword, newPassword);
-            return result.Succeeded;
-        }
-
-        public async Task<bool> ResetPasswordAsync(string userId, string newPassword)
-        {
-            var user = await userManager.FindByIdAsync(userId) ?? throw new Exception("User not found.");
-
-            var result = await userManager.RemovePasswordAsync(user);
-            if (!result.Succeeded) return false;
-
-            await mfaService.ResetMFAAsync(user);
-            result = await userManager.AddPasswordAsync(user, newPassword);
-            return result.Succeeded;
-        }
-
-        public async Task<bool> ClearSessionsAsync(string userId, string clientId, bool all, string jti, string? refreshToken)
-        {
-            var client = Clients.FindClientById(clientId) ?? throw new Exception("Invalid client_id.");
-
-            var user = await userManager.FindByIdAsync(userId) ?? throw new Exception("User not found.");
-            if (!await UserService.IsUserValidAsync(userManager, user, client.Id)) throw new Exception($"Unable to find user with ID '{user.Id}'.");
-
-            var grants = await persistedGrantStore.GetAllAsync(new PersistedGrantFilter
-            {
-                ClientId = client.Id,
-                SubjectId = user.Id.ToString()
-            });
-            string? refreshTokenKey = refreshToken != null ? GetHashedKey(refreshToken, IdentityServerConstants.PersistedGrantTypes.RefreshToken) : null;
-            List<string> removedKeys = [];
-            foreach (var grant in grants)
-            {
-                if (!all && (grant.Data.Contains(jti) || grant.Key == refreshTokenKey)) continue;
-                await persistedGrantStore.RemoveAsync(grant.Key);
-                removedKeys.Add(grant.Key);
-            }
-
-            await WampServers.NotesnookServer.PublishMessageAsync(IdentityServerTopics.ClearCacheTopic, new ClearCacheMessage(removedKeys));
-            await WampServers.MessengerServer.PublishMessageAsync(IdentityServerTopics.ClearCacheTopic, new ClearCacheMessage(removedKeys));
-            await WampServers.SubscriptionServer.PublishMessageAsync(IdentityServerTopics.ClearCacheTopic, new ClearCacheMessage(removedKeys));
-            // await SendLogoutMessageAsync(user.Id.ToString(), "Session revoked.");
-            return true;
-        }
-
-        private static string GetHashedKey(string value, string grantType)
-        {
-            return (value + ":" + grantType).Sha256();
-        }
     }
 }