mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 07:54:34 +01:00
Delete user related oauth stuff on user deletion too (#19677)
* delete user related oauth stuff on user deletion too * extend doctor check-db-consistency
This commit is contained in:
parent
cbd45471b1
commit
f41c2bec4c
3 changed files with 34 additions and 0 deletions
|
@ -5,6 +5,7 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/base32"
|
"encoding/base32"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
@ -18,6 +19,7 @@ import (
|
||||||
|
|
||||||
uuid "github.com/google/uuid"
|
uuid "github.com/google/uuid"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
"xorm.io/builder"
|
||||||
"xorm.io/xorm"
|
"xorm.io/xorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -576,3 +578,21 @@ func GetActiveOAuth2SourceByName(name string) (*Source, error) {
|
||||||
|
|
||||||
return authSource, nil
|
return authSource, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error {
|
||||||
|
deleteCond := builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": userID})
|
||||||
|
|
||||||
|
if _, err := db.GetEngine(ctx).In("grant_id", deleteCond).
|
||||||
|
Delete(&OAuth2AuthorizationCode{}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := db.DeleteBeans(ctx,
|
||||||
|
&OAuth2Application{UID: userID},
|
||||||
|
&OAuth2Grant{UserID: userID},
|
||||||
|
); err != nil {
|
||||||
|
return fmt.Errorf("DeleteBeans: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
_ "image/jpeg" // Needed for jpeg support
|
_ "image/jpeg" // Needed for jpeg support
|
||||||
|
|
||||||
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
||||||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
"code.gitea.io/gitea/models/db"
|
"code.gitea.io/gitea/models/db"
|
||||||
"code.gitea.io/gitea/models/issues"
|
"code.gitea.io/gitea/models/issues"
|
||||||
"code.gitea.io/gitea/models/organization"
|
"code.gitea.io/gitea/models/organization"
|
||||||
|
@ -89,6 +90,10 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
|
||||||
return fmt.Errorf("deleteBeans: %v", err)
|
return fmt.Errorf("deleteBeans: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
|
if setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
|
||||||
u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) {
|
u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) {
|
||||||
|
|
||||||
|
|
|
@ -186,6 +186,15 @@ func checkDBConsistency(ctx context.Context, logger log.Logger, autofix bool) er
|
||||||
// find action without repository
|
// find action without repository
|
||||||
genericOrphanCheck("Action entries without existing repository",
|
genericOrphanCheck("Action entries without existing repository",
|
||||||
"action", "repository", "action.repo_id=repository.id"),
|
"action", "repository", "action.repo_id=repository.id"),
|
||||||
|
// find OAuth2Grant without existing user
|
||||||
|
genericOrphanCheck("Orphaned OAuth2Grant without existing User",
|
||||||
|
"oauth2_grant", "user", "oauth2_grant.user_id=user.id"),
|
||||||
|
// find OAuth2Application without existing user
|
||||||
|
genericOrphanCheck("Orphaned OAuth2Application without existing User",
|
||||||
|
"oauth2_application", "user", "oauth2_application.uid=user.id"),
|
||||||
|
// find OAuth2AuthorizationCode without existing OAuth2Grant
|
||||||
|
genericOrphanCheck("Orphaned OAuth2AuthorizationCode without existing OAuth2Grant",
|
||||||
|
"oauth2_authorization_code", "oauth2_grant", "oauth2_authorization_code.grant_id=oauth2_grant.id"),
|
||||||
)
|
)
|
||||||
|
|
||||||
for _, c := range consistencyChecks {
|
for _, c := range consistencyChecks {
|
||||||
|
|
Loading…
Reference in a new issue