fix(core): Delete user sessions & token upon user-deletion (#2241)

This applies to both admins and regular users.
vendure-ecommerce · Jul 4, 2023 · b989607 · b989607
1 parent 3fb7bb9
commit b989607
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/packages/core/src/service/services/user.service.ts b/packages/core/src/service/services/user.service.ts
@@ -1,4 +1,5 @@
 import { Injectable } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
 import { VerifyCustomerAccountResult } from '@vendure/common/lib/generated-shop-types';
 import { ID } from '@vendure/common/lib/shared-types';
 
@@ -41,6 +42,7 @@ export class UserService {
         private roleService: RoleService,
         private passwordCipher: PasswordCipher,
         private verificationTokenGenerator: VerificationTokenGenerator,
+        private moduleRef: ModuleRef,
     ) {}
 
     async getUserById(ctx: RequestContext, userId: ID): Promise<User | undefined> {
@@ -170,6 +172,10 @@ export class UserService {
     }
 
     async softDelete(ctx: RequestContext, userId: ID) {
+        // Dynamic import to avoid the circular dependency of SessionService
+        await this.moduleRef
+            .get((await import('./session.service.js')).SessionService)
+            .deleteSessionsByUser(ctx, new User({ id: userId }));
         await this.connection.getEntityOrThrow(ctx, User, userId);
         await this.connection.getRepository(ctx, User).update({ id: userId }, { deletedAt: new Date() });
     }