From 665d5f7317dd7ec10950763316b6ca0dee8914f6 Mon Sep 17 00:00:00 2001
From: Otto Richter
Date: Sat, 23 Nov 2024 19:49:55 +0100
Subject: [PATCH 1/2] test: Global OAuth should not be deleted

Expected to fail: Global (instance-wide) OAuth application should not be deleted, but it is
---
 .../oauth2_application.yaml | 8 ++++++++
 models/auth/oauth2_test.go | 1 +
 2 files changed, 9 insertions(+)

diff --git a/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml b/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml
index b188770a30..cccb404ab1 100644
--- a/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml
+++ b/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml
@@ -23,3 +23,11 @@
 redirect_uris: '["http://127.0.0.1", "https://127.0.0.1"]'
 created_unix: 1712358091
 updated_unix: 1712358091
+-
+ id: 1003
+ uid: 0
+ name: "Global Auth source that should be kept"
+ client_id: "2f3467c1-7b3b-463d-ab04-2ae2b2712826"
+ redirect_uris: '["http://example.com/globalapp", "https://example.com/globalapp"]'
+ created_unix: 1732387292
+ updated_unix: 1732387292
diff --git a/models/auth/oauth2_test.go b/models/auth/oauth2_test.go
index 94b506ed48..9b562c8648 100644
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@@ -296,4 +296,5 @@ func TestOrphanedOAuth2Applications(t *testing.T) {
 require.NoError(t, err)
 assert.EqualValues(t, 0, count)
 unittest.AssertExistsIf(t, false, &auth_model.OAuth2Application{ID: 1002})
+ unittest.AssertExistsIf(t, true, &auth_model.OAuth2Application{ID: 1003})
 }

From 1d5aee6ef80bf6a864a1a9caf4a0f2d7c55ea498 Mon Sep 17 00:00:00 2001
From: Otto Richter
Date: Sat, 23 Nov 2024 19:59:25 +0100
Subject: [PATCH 2/2] fix: Do not delete global Oauth2 applications

---
 models/auth/oauth2.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 125d64b36f..9a7854408f 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -657,6 +657,7 @@ func CountOrphanedOAuth2Applications(ctx context.Context) (int64, error) { Table("`oauth2_application`"). Join("LEFT", "`user`", "`oauth2_application`.`uid` = `user`.`id`"). Where(builder.IsNull{"`user`.id"}). + Where(builder.Neq{"uid": 0}). // exclude instance-wide admin applications Where(builder.NotIn("`oauth2_application`.`client_id`", BuiltinApplicationsClientIDs())). Select("COUNT(`oauth2_application`.`id`)"). Count() @@ -668,6 +669,7 @@ func DeleteOrphanedOAuth2Applications(ctx context.Context) (int64, error) { From("`oauth2_application`"). Join("LEFT", "`user`", "`oauth2_application`.`uid` = `user`.`id`"). Where(builder.IsNull{"`user`.id"}). + Where(builder.Neq{"uid": 0}). // exclude instance-wide admin applications Where(builder.NotIn("`oauth2_application`.`client_id`", BuiltinApplicationsClientIDs())) b := builder.Delete(builder.In("id", subQuery)).From("`oauth2_application`")
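Review bot: The added condition `Where(builder.Neq{"uid": 0})` in CountOrphanedOAuth2Applications names its column without a table, while every other condition in this joined query is table-qualified; the identical line added in DeleteOrphanedOAuth2Applications has the same issue. The columns of `user` are not visible here, so the bare name presumably resolves today, but this filter decides which OAuth2 applications are irreversibly removed and should not depend on what the joined table happens to contain. I would write ``Where(builder.Neq{"`oauth2_application`.`uid`": 0})`` in both places. Because the count and the delete must always select the same rows, it would also help to build the shared condition once in a small unexported helper, with a comment stating that `uid = 0` marks an instance-wide application. Both function bodies start or end outside the hunks.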