How can one invalidate Client tokens?

hello community,

a computer of one of our users was stolen. on that computer a Seafile client is installed and associated with a user account on a Seafile server instance that we are responsible for. the device’s mass storage isn’t encrypted and due to the device’s designated use-case the user account of the OS isn’t password protected.

now, obviously we would like to revoke the token that the client is authenticating with. is that possible with the web interface? or could anyone hint me at the significant parts of the database table?

has anyone ever formalized how such a situation is handled within an institution?

i tried my luck by following the hints in this section of the manual.

the results are again more confusing than helpful, here are my observations after i deleted the tokens that were associated with a specific client i had set up for testing:

  • for a while a non-related error message appeared for the synchronized library in the client
  • the client still shows all libraries
  • after a while the error message disappeared and the green cloud was displayed again
  • the device isn’t listed in the RepoTokenPeerInfo table
  • when adding an object to the local folder, a related error message appears stating that the server refuses access
  • one can still download objects via the “Seafile-Filebrowser”
  • one can still click on the header to gain access to the web-interface w/o providing credentials
  • a re-sync of the library is successful

so far i have only superficially inspected the databases and can’t make out a table by name where client-related information might be stored beyond RepoTokenPeerInfo and RepoUserToken.

Did you try: Login to the web interface => System Admin => Devices => Unlink

thanks for the hint, but that doesn’t seem to be available with the version 8.0.5 that we are running.

Checked with a user account on a 7.1 pro server. => Linked devices => unlink

“works for me™”

Thanks for checking. Possibly a “pro” feature not available in the “community edition”…

Downgraded my 9.0.15 pro test instance to 9.0.10 CE => I still can unlink devices!

Please be advised: the icon only appears as an “on mouse over” event.

Thank you for the downgrade test, much appreciated!
In two different browsers I only get a grey highlight bar ‘on mouse over’ in the SysAdmin panel “Devices”. No trashcan whatsoever.

it’s a good idea for institutions to have a policy in place for situations such as these, so that all staff know what to do and how to handle the situation.

i see that the two mouse-hovering related events are listened to on the tr element that contains the information about a particular device with the Firefox developer tools. yet, nothing happens on onMouseEnter. the registered listeners are from /media/assets/frontened/static/js/sysAdmin.chunk.….js and seemingly are supposed to toggle the display of one or more icons:

function() {
  i.setState({
    isOpIconShown: !0
  })
}

inspecting with the Chromium developer tools, no event listener seems to be attached to that element at all.