RSS Feed/News OAuth tokens aren't removed on account deletion

Status
Not open for further replies.
ENXF NET

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
31,083
Points
823

Reputation:

It looks like oauth tokens aren't cleaned up during account deletion.

The User entity's _postDelete() doesn't seem to invoke cleanup on these tables, nor do I see anything in DeleteCleanUpService.php

Tables in question:
  • xf_api_login_token
  • xf_oauth_token
  • xf_oauth_request
  • xf_oauth_refresh_token

Continue reading...
 
Status
Not open for further replies.
Top