From 411a66fa72c2c5dc01a214f0d10af554e70bd573 Mon Sep 17 00:00:00 2001 From: Olivier 'reivilibre Date: Mon, 20 Oct 2025 13:48:49 +0100 Subject: [PATCH] Delete owned PATs & personal sessions when pruning OAuth2 clients --- ...ff670f1b4ba3c56605c53e2b905d7ec38c8be.json | 14 ++++++ ...0034201575a49e0240ac6715b55ad8d381d0e.json | 14 ++++++ crates/storage-pg/src/oauth2/client.rs | 43 +++++++++++++++++++ 3 files changed, 71 insertions(+) create mode 100644 crates/storage-pg/.sqlx/query-2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be.json create mode 100644 crates/storage-pg/.sqlx/query-dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e.json diff --git a/crates/storage-pg/.sqlx/query-2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be.json b/crates/storage-pg/.sqlx/query-2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be.json new file mode 100644 index 000000000..21a67060b --- /dev/null +++ b/crates/storage-pg/.sqlx/query-2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be.json @@ -0,0 +1,14 @@ +{ + "db_name": "PostgreSQL", + "query": "\n DELETE FROM personal_access_tokens\n WHERE personal_session_id IN (\n SELECT personal_session_id\n FROM personal_sessions\n WHERE owner_oauth2_client_id = $1\n )\n ", + "describe": { + "columns": [], + "parameters": { + "Left": [ + "Uuid" + ] + }, + "nullable": [] + }, + "hash": "2a61003da3655158e6a261d91fdff670f1b4ba3c56605c53e2b905d7ec38c8be" +} diff --git a/crates/storage-pg/.sqlx/query-dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e.json b/crates/storage-pg/.sqlx/query-dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e.json new file mode 100644 index 000000000..39447cd10 --- /dev/null +++ b/crates/storage-pg/.sqlx/query-dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e.json 
@@ -0,0 +1,14 @@ +{ + "db_name": "PostgreSQL", + "query": "\n DELETE FROM personal_sessions\n WHERE owner_oauth2_client_id = $1\n ", + "describe": { + "columns": [], + "parameters": { + "Left": [ + "Uuid" + ] + }, + "nullable": [] + }, + "hash": "dca9b361c4409b14498b85f192b0034201575a49e0240ac6715b55ad8d381d0e" +} diff --git a/crates/storage-pg/src/oauth2/client.rs b/crates/storage-pg/src/oauth2/client.rs index ae7b03ac9..8f7d24224 100644 --- a/crates/storage-pg/src/oauth2/client.rs +++ b/crates/storage-pg/src/oauth2/client.rs @@ -811,6 +811,49 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> { .await?; } + // Delete any personal access tokens & sessions owned + // by the client + { + let span = info_span!( + "db.oauth2_client.delete_by_id.personal_access_tokens", + { DB_QUERY_TEXT } = tracing::field::Empty, + ); + + sqlx::query!( + r#" + DELETE FROM personal_access_tokens + WHERE personal_session_id IN ( + SELECT personal_session_id + FROM personal_sessions + WHERE owner_oauth2_client_id = $1 + ) + "#, + Uuid::from(id), + ) + .record(&span) + .execute(&mut *self.conn) + .instrument(span) + .await?; + } + { + let span = info_span!( + "db.oauth2_client.delete_by_id.personal_sessions", + { DB_QUERY_TEXT } = tracing::field::Empty, + ); + + sqlx::query!( + r#" + DELETE FROM personal_sessions + WHERE owner_oauth2_client_id = $1 + "#, + Uuid::from(id), + ) + .record(&span) + .execute(&mut *self.conn) + .instrument(span) + .await?; + } + // Now delete the client itself let res = sqlx::query!( r#"
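Review bot: The deletes in the `client.rs` hunk (personal access tokens, then personal sessions, then the client row in the trailing context) are issued as separate statements on `self.conn`, and nothing visible here says they run inside one transaction. The order is the safe one, since tokens are removed first, but on a non-transactional connection an error after the first statement would leave the client with sessions and no tokens; I would state the requirement above the first block: `// All deletes below, including the client row, must run in the caller's transaction so a failure cannot leave partial state.` The diffstat lists only the two `.sqlx` query files and `client.rs`, so no test covers this path; a repository test that creates a personal session and token owned by a client, deletes the client, and asserts both rows are gone would pin the behaviour. The enclosing method (the span names suggest `delete_by_id`) starts before and continues after the hunk, so the transaction handling may already exist outside this view.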