fix: Improved handling of authentication edge-cases (#2023)

* fix: authentication records not cleaned up for deleted user closes #2022 * fix: Improve debugging for duplicate providerId sign-in requests
2021-04-11 19:39:31 -07:00
parent bc4fe05147
commit 62f9262b2c
4 changed files with 92 additions and 5 deletions
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -10,6 +10,7 @@ import { sendEmail } from "../mailer";
 import { DataTypes, sequelize, encryptedFields, Op } from "../sequelize";
 import { DEFAULT_AVATAR_HOST } from "../utils/avatars";
 import { publicS3Endpoint, uploadToS3FromUrl } from "../utils/s3";
+import UserAuthentication from "./UserAuthentication";
 import { Star, Team, Collection, NotificationSetting, ApiKey } from ".";

 const User = sequelize.define(
@@ -208,6 +209,10 @@ const removeIdentifyingInfo = async (model, options) => {
    where: { userId: model.id },
    transaction: options.transaction,
  });
+  await UserAuthentication.destroy({
+    where: { userId: model.id },
+    transaction: options.transaction,
+  });

  model.email = null;
  model.name = "Unknown";
--- a/server/models/User.test.js
+++ b/server/models/User.test.js
@@ -1,11 +1,21 @@
 // @flow
-import { CollectionUser } from "../models";
+import { UserAuthentication, CollectionUser } from "../models";
 import { buildUser, buildTeam, buildCollection } from "../test/factories";
 import { flushdb } from "../test/support";

 beforeEach(() => flushdb());

 describe("user model", () => {
+  describe("destroy", () => {
+    it("should delete user authentications", async () => {
+      const user = await buildUser();
+      expect(await UserAuthentication.count()).toBe(1);
+
+      await user.destroy();
+      expect(await UserAuthentication.count()).toBe(0);
+    });
+  });
+
  describe("getJwtToken", () => {
    it("should set JWT secret", async () => {
      const user = await buildUser();