From 5df4097aa023dc7b3883d49be04d1c37181856af Mon Sep 17 00:00:00 2001 From: dhingey Date: Wed, 9 Jul 2014 00:32:44 -0700 Subject: [PATCH 1/2] Add OAuth.deleteUserData method Removes the user's oAuthId-to-uid mapping from Redis upon user deletion. This fixes an issue where OAuth services could not link to a user if a user account was deleted and then re-created. --- library.js | 22 ++++++++++++++++++++++ plugin.json | 1 + 2 files changed, 23 insertions(+) diff --git a/library.js b/library.js index 82e557e..813f216 100644 --- a/library.js +++ b/library.js @@ -232,5 +232,27 @@ }); }; + OAuth.deleteUserData = function(uid) { + db.getObject('oAuthid:uid', function(err, oAuthData) { + if (err) { + winston.error('Could not fetch OAuthId data from Redis. Error: ' + err); + } + var oAuthIdToDelete; + for (var oAuthId in oAuthData) { + if (oAuthData.hasOwnProperty(oAuthId) && oAuthData[oAuthId] === uid) { + oAuthIdToDelete = oAuthId; + } + } + if (typeof oAuthIdToDelete !== 'undefined') { + // Delete the oAuthId-to-uid mapping for the user + db.deleteObjectField('oAuthid:uid', oAuthIdToDelete, function(err, numDeletes) { + if (err) { + winston.error('Could not remove OAuthId data for uid ' + uid + '. Error: ' + err); + } + }); + } + }); + }; + module.exports = OAuth; }(module)); \ No newline at end of file diff --git a/plugin.json b/plugin.json index ead46d0..687b124 100644 --- a/plugin.json +++ b/plugin.json @@ -6,6 +6,7 @@ "library": "./library.js", "hooks": [ { "hook": "action:app.load", "method": "init" }, + { "hook": "action:user.delete", "method": "deleteUserData" }, { "hook": "filter:auth.init", "method": "getStrategy" }, { "hook": "filter:admin.header.build", "method": "addMenuItem" } ], From 327a84f222dcd95388625238a094242ed766563d Mon Sep 17 00:00:00 2001 From: dhingey Date: Thu, 10 Jul 2014 00:22:44 -0700 Subject: [PATCH 2/2] Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. --- library.js | 28 +++++++++++----------------- plugin.json | 2 +- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/library.js b/library.js index 813f216..8aa7d1b 100644 --- a/library.js +++ b/library.js @@ -9,6 +9,7 @@ path = module.parent.require('path'), nconf = module.parent.require('nconf'), winston = module.parent.require('winston'), + async = module.parent.require('async'), passportOAuth; var constants = Object.freeze({ @@ -232,25 +233,18 @@ }); }; - OAuth.deleteUserData = function(uid) { - db.getObject('oAuthid:uid', function(err, oAuthData) { + OAuth.deleteUserData = function(uid, callback) { + async.waterfall([ + async.apply(User.getUserField, uid, 'oAuthid'), + function(oAuthIdToDelete, next) { + db.deleteObjectField('oAuthid:uid', oAuthIdToDelete, next); + } + ], function(err) { if (err) { - winston.error('Could not fetch OAuthId data from Redis. Error: ' + err); - } - var oAuthIdToDelete; - for (var oAuthId in oAuthData) { - if (oAuthData.hasOwnProperty(oAuthId) && oAuthData[oAuthId] === uid) { - oAuthIdToDelete = oAuthId; - } - } - if (typeof oAuthIdToDelete !== 'undefined') { - // Delete the oAuthId-to-uid mapping for the user - db.deleteObjectField('oAuthid:uid', oAuthIdToDelete, function(err, numDeletes) { - if (err) { - winston.error('Could not remove OAuthId data for uid ' + uid + '. Error: ' + err); - } - }); + winston.error('Could not remove OAuthId data for uid ' + uid + '. Error: ' + err); + return callback(err); } + callback(); }); }; diff --git a/plugin.json b/plugin.json index 687b124..f627401 100644 --- a/plugin.json +++ b/plugin.json @@ -6,7 +6,7 @@ "library": "./library.js", "hooks": [ { "hook": "action:app.load", "method": "init" }, - { "hook": "action:user.delete", "method": "deleteUserData" }, + { "hook": "filter:user.delete", "method": "deleteUserData" }, { "hook": "filter:auth.init", "method": "getStrategy" }, { "hook": "filter:admin.header.build", "method": "addMenuItem" } ],