Delete user related oauth stuff on user deletion too (#19677) (#19680)

Backport (#19677)

* delete user related oauth stuff on user deletion too

* extend doctor check-db-consistency

* make it build for v1.16.x
This commit is contained in:
6543 2022-05-12 13:32:48 +02:00 committed by GitHub
parent 4386eb751f
commit 8f44d00f22
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

View file

@ -13,6 +13,7 @@ import (
_ "image/jpeg" // Needed for jpeg support
asymkey_model "code.gitea.io/gitea/models/asymkey"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
@ -83,6 +84,11 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
}
// ***** END: Follow *****
if _, err := db.GetEngine(ctx).In("grant_id", builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": u.ID})).
Delete(&auth_model.OAuth2AuthorizationCode{}); err != nil {
return err
}
if err = deleteBeans(e,
&AccessToken{UID: u.ID},
&Collaboration{UserID: u.ID},
@ -100,6 +106,8 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
&Collaboration{UserID: u.ID},
&Stopwatch{UserID: u.ID},
&user_model.Setting{UserID: u.ID},
&auth_model.OAuth2Application{UID: u.ID},
&auth_model.OAuth2Grant{UserID: u.ID},
); err != nil {
return fmt.Errorf("deleteBeans: %v", err)
}

View file

@ -186,6 +186,15 @@ func checkDBConsistency(logger log.Logger, autofix bool) error {
// find action without repository
genericOrphanCheck("Action entries without existing repository",
"action", "repository", "action.repo_id=repository.id"),
// find OAuth2Grant without existing user
genericOrphanCheck("Orphaned OAuth2Grant without existing User",
"oauth2_grant", "user", "oauth2_grant.user_id=user.id"),
// find OAuth2Application without existing user
genericOrphanCheck("Orphaned OAuth2Application without existing User",
"oauth2_application", "user", "oauth2_application.uid=user.id"),
// find OAuth2AuthorizationCode without existing OAuth2Grant
genericOrphanCheck("Orphaned OAuth2AuthorizationCode without existing OAuth2Grant",
"oauth2_authorization_code", "oauth2_grant", "oauth2_authorization_code.grant_id=oauth2_grant.id"),
)
for _, c := range consistencyChecks {