Fix issue where we didn't delete robots immediately under a namespace
This could result in "hanging" robot accounts, although that would only leak the names of said accounts. Now we delete them immediately AND we proactively delete them before replacing the namespace (just to be sure)
This commit is contained in:
Joseph Schorr
parent
bd1f3e6bb8
commit
f06eec8a35
5 changed files with 132 additions and 10 deletions
|
|
@ -68,7 +68,6 @@ def create_user_noverify(username, email, email_required=True, prompts=tuple(),
|
|||
|
||||
try:
|
||||
existing = User.get((User.username == username) | (User.email == email))
|
||||
|
||||
logger.info('Existing user with same username or email.')
|
||||
|
||||
# A user already exists with either the same username or email
|
||||
|
|
@ -77,11 +76,11 @@ def create_user_noverify(username, email, email_required=True, prompts=tuple(),
|
|||
username)
|
||||
raise InvalidEmailAddressException('Email has already been used: %s' %
|
||||
email)
|
||||
|
||||
except User.DoesNotExist:
|
||||
# This is actually the happy path
|
||||
logger.debug('Email and username are unique!')
|
||||
|
||||
# Create the user.
|
||||
try:
|
||||
default_expr_s = _convert_to_s(config.app_config['DEFAULT_TAG_EXPIRATION'])
|
||||
default_max_builds = config.app_config.get('DEFAULT_NAMESPACE_MAXIMUM_BUILD_COUNT')
|
||||
|
|
@ -970,20 +969,29 @@ def delete_user(user, queues):
|
|||
def _delete_user_linked_data(user):
|
||||
if user.organization:
|
||||
# Delete the organization's teams.
|
||||
for team in Team.select().where(Team.organization == user):
|
||||
team.delete_instance(recursive=True)
|
||||
with db_transaction():
|
||||
for team in Team.select().where(Team.organization == user):
|
||||
team.delete_instance(recursive=True)
|
||||
|
||||
# Delete any OAuth approvals and tokens associated with the user.
|
||||
for app in OAuthApplication.select().where(OAuthApplication.organization == user):
|
||||
app.delete_instance(recursive=True)
|
||||
with db_transaction():
|
||||
for app in OAuthApplication.select().where(OAuthApplication.organization == user):
|
||||
app.delete_instance(recursive=True)
|
||||
else:
|
||||
# Remove the user from any teams in which they are a member.
|
||||
TeamMember.delete().where(TeamMember.user == user).execute()
|
||||
|
||||
# Delete any repository buildtriggers where the user is the connected user.
|
||||
triggers = RepositoryBuildTrigger.select().where(RepositoryBuildTrigger.connected_user == user)
|
||||
for trigger in triggers:
|
||||
trigger.delete_instance(recursive=True, delete_nullable=False)
|
||||
with db_transaction():
|
||||
triggers = RepositoryBuildTrigger.select().where(RepositoryBuildTrigger.connected_user == user)
|
||||
for trigger in triggers:
|
||||
trigger.delete_instance(recursive=True, delete_nullable=False)
|
||||
|
||||
# Delete any robots owned by this user.
|
||||
with db_transaction():
|
||||
robots = list(list_namespace_robots(user.username))
|
||||
for robot in robots:
|
||||
robot.delete_instance(recursive=True, delete_nullable=True)
|
||||
|
||||
# Null out any service key approvals. We technically lose information here, but its better than
|
||||
# falling and only occurs if a superuser is being deleted.
|
||||
|
|
|
|||
Reference in a new issue