Merge pull request #2514 from alphagov/handle-retired-apps-in-expired…
…-oauth-access-records-deleter

Handle retired apps when deleting expired grants/tokens
chrisroos authored Nov 14, 2023
2 parents c59965a + 1999583 commit a77ce53
Showing 2 changed files with 27 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/expired_oauth_access_records_deleter.rb
@@ -18,7 +18,7 @@ def initialize(record_type:)

def delete_expired
@record_class.expired.in_batches do |relation|
records_by_user_id = relation.includes(:application).group_by(&:resource_owner_id)
records_by_user_id = Doorkeeper::Application.unscoped { relation.includes(:application).group_by(&:resource_owner_id) }
all_users = User.where(id: records_by_user_id.keys)

all_users.each do |user|
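Review bot: The `Doorkeeper::Application.unscoped { ... }` wrapper in `delete_expired` only has an effect because `group_by` loads the relation while the block is still open, and nothing in the code says so; a later refactor that moves the enumeration outside the block would silently bring the default scope back and leave expired grants and tokens for retired applications behind again. I would add a comment above the line, for example `# Run the query inside unscoped so records belonging to retired applications are loaded with their application.` Note also that `unscoped` drops every default scope on `Doorkeeper::Application`, not only the one that presumably hides retired applications (the scope definition is not visible here), so it is worth confirming no other default scope is relied on. The body of `delete_expired` continues past the end of this hunk.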
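--- a/test/lib/expired_oauth_access_records_deleter_test.rb
+++ b/test/lib/expired_oauth_access_records_deleter_test.rb
@@ -19,6 +19,19 @@ class ExpiredOauthAccessRecordsDeleterTest < ActiveSupport::TestCase
 assert_equal [one_hour_grant], Doorkeeper::AccessGrant.where(resource_owner_id: user.id)
 end
 
+should "delete expired `Doorkeeper::AccessGrant`s for retired applications" do
+user = create(:user)
+grant = create(:access_grant, resource_owner_id: user.id, expires_in: 0)
+grant.application.update!(retired: true)
+
+Timecop.travel(5.minutes.from_now)
+
+deleter = ExpiredOauthAccessRecordsDeleter.new(record_type: :access_grant)
+deleter.delete_expired
+
+assert_equal [], Doorkeeper::AccessGrant.where(resource_owner_id: user.id)
+end
+
 should "provide a count of the total number of records deleted" do
 user = create(:user)
 create(:access_grant, resource_owner_id: user.id, expires_in: 0)
@@ -60,6 +73,19 @@ class ExpiredOauthAccessRecordsDeleterTest < ActiveSupport::TestCase
 assert_equal [one_hour_token], user.authorisations
 end
 
+should "delete expired `Doorkeeper::AccessToken`s for retired applications" do
+user = create(:user)
+token = create(:access_token, resource_owner_id: user.id, expires_in: 0)
+token.application.update!(retired: true)
+
+Timecop.travel(5.minutes.from_now)
+
+deleter = ExpiredOauthAccessRecordsDeleter.new(record_type: :access_token)
+deleter.delete_expired
+
+assert_equal [], user.authorisations
+end
+
 should "provide a count of the total number of records deleted" do
 user = create(:user)
 create(:access_token, resource_owner_id: user.id, expires_in: 0)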
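Review bot: Both new tests call `Timecop.travel(5.minutes.from_now)` with no block and no visible `Timecop.return`, so the shifted clock stays in effect after the test unless a teardown outside these hunks resets it. The block form keeps the travel scoped to the call that needs it: `Timecop.travel(5.minutes.from_now) { deleter.delete_expired }`. The tests also assert only that the grant or token is gone; adding `assert grant.application.reload.retired?` (and the same for `token`) would show the deleter leaves the retired application itself untouched. The enclosing test class starts and ends outside these hunks.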
