From baba1cc02ec3b31614494bf76239f8ddcaff7126 Mon Sep 17 00:00:00 2001 From: Joffrey JAFFEUX Date: Tue, 25 Feb 2020 20:07:57 +0100 Subject: [PATCH] FIX: ensures destroying a user with security keys doesn't fail (#9042) --- app/services/user_destroyer.rb | 1 + spec/models/user_spec.rb | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/app/services/user_destroyer.rb b/app/services/user_destroyer.rb index abb5b9b3ca..7844496362 100644 --- a/app/services/user_destroyer.rb +++ b/app/services/user_destroyer.rb @@ -27,6 +27,7 @@ class UserDestroyer optional_transaction(open_transaction: opts[:transaction]) do + UserSecurityKey.where(user_id: user.id).delete_all Draft.where(user_id: user.id).delete_all Reviewable.where(created_by_id: user.id).delete_all diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index cb79e3856d..ee1bea598a 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -2220,6 +2220,16 @@ describe User do end end + describe "Destroying a user with security key" do + let!(:security_key) { Fabricate(:user_security_key_with_random_credential, user: user) } + fab!(:admin) { Fabricate(:admin) } + + it "removes the security key" do + UserDestroyer.new(admin).destroy(user) + expect(UserSecurityKey.where(user_id: user.id).count).to eq(0) + end + end + describe 'Secure identifier for a user which is a string other than the ID used to identify the user in some cases e.g. security keys' do describe '#create_or_fetch_secure_identifier' do context 'if the user already has a secure identifier' do