Delete user related oauth stuff on user deletion too (#19677)

* delete user related oauth stuff on user deletion too

* extend doctor check-db-consistency
tokarchuk/v1.17
6543 3 years ago committed by GitHub
parent cbd45471b1
commit f41c2bec4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 20
      models/auth/oauth2.go
  2. 5
      models/user.go
  3. 9
      modules/doctor/dbconsistency.go

@ -5,6 +5,7 @@
package auth package auth
import ( import (
"context"
"crypto/sha256" "crypto/sha256"
"encoding/base32" "encoding/base32"
"encoding/base64" "encoding/base64"
@ -18,6 +19,7 @@ import (
uuid "github.com/google/uuid" uuid "github.com/google/uuid"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"xorm.io/builder"
"xorm.io/xorm" "xorm.io/xorm"
) )
@ -576,3 +578,21 @@ func GetActiveOAuth2SourceByName(name string) (*Source, error) {
return authSource, nil return authSource, nil
} }
func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error {
deleteCond := builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": userID})
if _, err := db.GetEngine(ctx).In("grant_id", deleteCond).
Delete(&OAuth2AuthorizationCode{}); err != nil {
return err
}
if err := db.DeleteBeans(ctx,
&OAuth2Application{UID: userID},
&OAuth2Grant{UserID: userID},
); err != nil {
return fmt.Errorf("DeleteBeans: %v", err)
}
return nil
}

@ -13,6 +13,7 @@ import (
_ "image/jpeg" // Needed for jpeg support _ "image/jpeg" // Needed for jpeg support
asymkey_model "code.gitea.io/gitea/models/asymkey" asymkey_model "code.gitea.io/gitea/models/asymkey"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/issues" "code.gitea.io/gitea/models/issues"
"code.gitea.io/gitea/models/organization" "code.gitea.io/gitea/models/organization"
@ -89,6 +90,10 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
return fmt.Errorf("deleteBeans: %v", err) return fmt.Errorf("deleteBeans: %v", err)
} }
if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil {
return err
}
if setting.Service.UserDeleteWithCommentsMaxTime != 0 && if setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) { u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) {

@ -186,6 +186,15 @@ func checkDBConsistency(ctx context.Context, logger log.Logger, autofix bool) er
// find action without repository // find action without repository
genericOrphanCheck("Action entries without existing repository", genericOrphanCheck("Action entries without existing repository",
"action", "repository", "action.repo_id=repository.id"), "action", "repository", "action.repo_id=repository.id"),
// find OAuth2Grant without existing user
genericOrphanCheck("Orphaned OAuth2Grant without existing User",
"oauth2_grant", "user", "oauth2_grant.user_id=user.id"),
// find OAuth2Application without existing user
genericOrphanCheck("Orphaned OAuth2Application without existing User",
"oauth2_application", "user", "oauth2_application.uid=user.id"),
// find OAuth2AuthorizationCode without existing OAuth2Grant
genericOrphanCheck("Orphaned OAuth2AuthorizationCode without existing OAuth2Grant",
"oauth2_authorization_code", "oauth2_grant", "oauth2_authorization_code.grant_id=oauth2_grant.id"),
) )
for _, c := range consistencyChecks { for _, c := range consistencyChecks {

Loading…
Cancel
Save