From 8f44d00f229d0a3f1ca2571444e9fb87c8e75812 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 12 May 2022 13:32:48 +0200 Subject: [PATCH] Delete user related oauth stuff on user deletion too (#19677) (#19680) Backport (#19677) * delete user related oauth stuff on user deletion too * extend doctor check-db-consistency * make it build for v1.16.x --- models/user.go | 8 ++++++++ modules/doctor/dbconsistency.go | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/models/user.go b/models/user.go index b234ed6cc8c8..51ee740c8d34 100644 --- a/models/user.go +++ b/models/user.go @@ -13,6 +13,7 @@ import ( _ "image/jpeg" // Needed for jpeg support asymkey_model "code.gitea.io/gitea/models/asymkey" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" repo_model "code.gitea.io/gitea/models/repo" user_model "code.gitea.io/gitea/models/user" @@ -83,6 +84,11 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) { } // ***** END: Follow ***** + if _, err := db.GetEngine(ctx).In("grant_id", builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": u.ID})). + Delete(&auth_model.OAuth2AuthorizationCode{}); err != nil { + return err + } + if err = deleteBeans(e, &AccessToken{UID: u.ID}, &Collaboration{UserID: u.ID}, @@ -100,6 +106,8 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) { &Collaboration{UserID: u.ID}, &Stopwatch{UserID: u.ID}, &user_model.Setting{UserID: u.ID}, + &auth_model.OAuth2Application{UID: u.ID}, + &auth_model.OAuth2Grant{UserID: u.ID}, ); err != nil { return fmt.Errorf("deleteBeans: %v", err) } diff --git a/modules/doctor/dbconsistency.go b/modules/doctor/dbconsistency.go index a7c8312e0719..53c988897cd6 100644 --- a/modules/doctor/dbconsistency.go +++ b/modules/doctor/dbconsistency.go @@ -186,6 +186,15 @@ func checkDBConsistency(logger log.Logger, autofix bool) error { // find action without repository genericOrphanCheck("Action entries without existing repository", "action", "repository", "action.repo_id=repository.id"), + // find OAuth2Grant without existing user + genericOrphanCheck("Orphaned OAuth2Grant without existing User", + "oauth2_grant", "user", "oauth2_grant.user_id=user.id"), + // find OAuth2Application without existing user + genericOrphanCheck("Orphaned OAuth2Application without existing User", + "oauth2_application", "user", "oauth2_application.uid=user.id"), + // find OAuth2AuthorizationCode without existing OAuth2Grant + genericOrphanCheck("Orphaned OAuth2AuthorizationCode without existing OAuth2Grant", + "oauth2_authorization_code", "oauth2_grant", "oauth2_authorization_code.grant_id=oauth2_grant.id"), ) for _, c := range consistencyChecks {