From c0042b3184ef664c6fba9736bd5b2c7a4ec43379 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Wed, 11 May 2022 13:16:35 +0200 Subject: [PATCH 1/2] Delete user related oauth stuff on user deletion too (#19677) * delete user related oauth stuff on user deletion too * extend doctor check-db-consistency --- models/auth/oauth2.go | 20 ++++++++++++++++++++ models/user.go | 5 +++++ modules/doctor/dbconsistency.go | 9 +++++++++ 3 files changed, 34 insertions(+) diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go index e7030fce2898..72476f5ffae5 100644 --- a/models/auth/oauth2.go +++ b/models/auth/oauth2.go @@ -5,6 +5,7 @@ package auth import ( + "context" "crypto/sha256" "encoding/base64" "fmt" @@ -18,6 +19,7 @@ import ( uuid "github.com/google/uuid" "golang.org/x/crypto/bcrypt" + "xorm.io/builder" "xorm.io/xorm" ) @@ -562,3 +564,21 @@ func GetActiveOAuth2SourceByName(name string) (*Source, error) { return authSource, nil } + +func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error { + deleteCond := builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": userID}) + + if _, err := db.GetEngine(ctx).In("grant_id", deleteCond). + Delete(&OAuth2AuthorizationCode{}); err != nil { + return err + } + + if err := db.DeleteBeans(ctx, + &OAuth2Application{UID: userID}, + &OAuth2Grant{UserID: userID}, + ); err != nil { + return fmt.Errorf("DeleteBeans: %v", err) + } + + return nil +} diff --git a/models/user.go b/models/user.go index b234ed6cc8c8..72a34fd10309 100644 --- a/models/user.go +++ b/models/user.go @@ -13,6 +13,7 @@ import ( _ "image/jpeg" // Needed for jpeg support asymkey_model "code.gitea.io/gitea/models/asymkey" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" repo_model "code.gitea.io/gitea/models/repo" user_model "code.gitea.io/gitea/models/user" @@ -104,6 +105,10 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) { return fmt.Errorf("deleteBeans: %v", err) } + if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil { + return err + } + if setting.Service.UserDeleteWithCommentsMaxTime != 0 && u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) { diff --git a/modules/doctor/dbconsistency.go b/modules/doctor/dbconsistency.go index a7c8312e0719..53c988897cd6 100644 --- a/modules/doctor/dbconsistency.go +++ b/modules/doctor/dbconsistency.go @@ -186,6 +186,15 @@ func checkDBConsistency(logger log.Logger, autofix bool) error { // find action without repository genericOrphanCheck("Action entries without existing repository", "action", "repository", "action.repo_id=repository.id"), + // find OAuth2Grant without existing user + genericOrphanCheck("Orphaned OAuth2Grant without existing User", + "oauth2_grant", "user", "oauth2_grant.user_id=user.id"), + // find OAuth2Application without existing user + genericOrphanCheck("Orphaned OAuth2Application without existing User", + "oauth2_application", "user", "oauth2_application.uid=user.id"), + // find OAuth2AuthorizationCode without existing OAuth2Grant + genericOrphanCheck("Orphaned OAuth2AuthorizationCode without existing OAuth2Grant", + "oauth2_authorization_code", "oauth2_grant", "oauth2_authorization_code.grant_id=oauth2_grant.id"), ) for _, c := range consistencyChecks { From f334c0a7fcb97b20f09a05a1412ef834c63de171 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Wed, 11 May 2022 23:59:42 +0200 Subject: [PATCH 2/2] make it build for v1.16.x --- models/auth/oauth2.go | 20 -------------------- models/user.go | 11 +++++++---- 2 files changed, 7 insertions(+), 24 deletions(-) diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go index 72476f5ffae5..e7030fce2898 100644 --- a/models/auth/oauth2.go +++ b/models/auth/oauth2.go @@ -5,7 +5,6 @@ package auth import ( - "context" "crypto/sha256" "encoding/base64" "fmt" @@ -19,7 +18,6 @@ import ( uuid "github.com/google/uuid" "golang.org/x/crypto/bcrypt" - "xorm.io/builder" "xorm.io/xorm" ) @@ -564,21 +562,3 @@ func GetActiveOAuth2SourceByName(name string) (*Source, error) { return authSource, nil } - -func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error { - deleteCond := builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": userID}) - - if _, err := db.GetEngine(ctx).In("grant_id", deleteCond). - Delete(&OAuth2AuthorizationCode{}); err != nil { - return err - } - - if err := db.DeleteBeans(ctx, - &OAuth2Application{UID: userID}, - &OAuth2Grant{UserID: userID}, - ); err != nil { - return fmt.Errorf("DeleteBeans: %v", err) - } - - return nil -} diff --git a/models/user.go b/models/user.go index 72a34fd10309..51ee740c8d34 100644 --- a/models/user.go +++ b/models/user.go @@ -84,6 +84,11 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) { } // ***** END: Follow ***** + if _, err := db.GetEngine(ctx).In("grant_id", builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": u.ID})). + Delete(&auth_model.OAuth2AuthorizationCode{}); err != nil { + return err + } + if err = deleteBeans(e, &AccessToken{UID: u.ID}, &Collaboration{UserID: u.ID}, @@ -101,14 +106,12 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) { &Collaboration{UserID: u.ID}, &Stopwatch{UserID: u.ID}, &user_model.Setting{UserID: u.ID}, + &auth_model.OAuth2Application{UID: u.ID}, + &auth_model.OAuth2Grant{UserID: u.ID}, ); err != nil { return fmt.Errorf("deleteBeans: %v", err) } - if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil { - return err - } - if setting.Service.UserDeleteWithCommentsMaxTime != 0 && u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) {