From a3c917b1c1a17717db5298b393e416f5967959b9 Mon Sep 17 00:00:00 2001
From: Otto Richter
Date: Sat, 23 Nov 2024 19:49:55 +0100
Subject: [PATCH 1/2] test: Global OAuth should not be deleted

Expected to fail: Global (instance-wide) OAuth application should not be deleted, but it is

(cherry picked from commit 665d5f7317dd7ec10950763316b6ca0dee8914f6)
---
 .../oauth2_application.yaml | 8 ++++++++
 models/auth/oauth2_test.go | 1 +
 2 files changed, 9 insertions(+)

diff --git a/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml b/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml
index b188770a30..cccb404ab1 100644
--- a/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml
+++ b/models/auth/TestOrphanedOAuth2Applications/oauth2_application.yaml
@@ -23,3 +23,11 @@
 redirect_uris: '["http://127.0.0.1", "https://127.0.0.1"]'
 created_unix: 1712358091
 updated_unix: 1712358091
+-
+ id: 1003
+ uid: 0
+ name: "Global Auth source that should be kept"
+ client_id: "2f3467c1-7b3b-463d-ab04-2ae2b2712826"
+ redirect_uris: '["http://example.com/globalapp", "https://example.com/globalapp"]'
+ created_unix: 1732387292
+ updated_unix: 1732387292
diff --git a/models/auth/oauth2_test.go b/models/auth/oauth2_test.go
index 03c85eb44c..3ed78ae36d 100644
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@@ -296,4 +296,5 @@ func TestOrphanedOAuth2Applications(t *testing.T) {
 require.NoError(t, err)
 assert.EqualValues(t, 0, count)
 unittest.AssertExistsIf(t, false, &auth_model.OAuth2Application{ID: 1002})
+ unittest.AssertExistsIf(t, true, &auth_model.OAuth2Application{ID: 1003})
 }
From 2d756783035ed9dab4286349cd801b878f5c1aa6 Mon Sep 17 00:00:00 2001
From: Otto Richter
Date: Sat, 23 Nov 2024 19:59:25 +0100
Subject: [PATCH 2/2] fix: Do not delete global Oauth2 applications

(cherry picked from commit 1d5aee6ef80bf6a864a1a9caf4a0f2d7c55ea498)
---
 models/auth/oauth2.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 83d60e3abe..3c9a7ee2e7 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -651,6 +651,7 @@ func CountOrphanedOAuth2Applications(ctx context.Context) (int64, error) {
 Table("`oauth2_application`").
 Join("LEFT", "`user`", "`oauth2_application`.`uid` = `user`.`id`").
 Where(builder.IsNull{"`user`.id"}).
+ Where(builder.Neq{"uid": 0}). // exclude instance-wide admin applications
 Where(builder.NotIn("`oauth2_application`.`client_id`", BuiltinApplicationsClientIDs())).
 Select("COUNT(`oauth2_application`.`id`)").
 Count()
@@ -662,6 +663,7 @@ func DeleteOrphanedOAuth2Applications(ctx context.Context) (int64, error) {
 From("`oauth2_application`").
 Join("LEFT", "`user`", "`oauth2_application`.`uid` = `user`.`id`").
 Where(builder.IsNull{"`user`.id"}).
+ Where(builder.Neq{"uid": 0}). // exclude instance-wide admin applications
 Where(builder.NotIn("`oauth2_application`.`client_id`", BuiltinApplicationsClientIDs()))
 b := builder.Delete(builder.In("id", subQuery)).From("`oauth2_application`")
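Review bot: The added filter `builder.Neq{"uid": 0}` in CountOrphanedOAuth2Applications names `uid` without a table qualifier, although the query joins `oauth2_application` with `user` and every neighbouring condition is qualified. The schema of `user` is not visible here, so this may resolve correctly today, but writing it as `` Where(builder.Neq{"`oauth2_application`.`uid`": 0}). `` keeps it unambiguous and consistent with the join and `NotIn` conditions. The same line is added to DeleteOrphanedOAuth2Applications and should get the same change. Since this filter is the only thing keeping a destructive cleanup from removing instance-wide applications, and it now lives in two hand-copied condition chains, building the shared conditions once and using them in both functions would stop the count and the delete from drifting apart. Both function bodies start outside the hunks.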