Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): Delete user sessions & token upon user-deletion #2241

Merged
merged 1 commit into from
Jul 4, 2023
+6 −0
Merged

fix(core): Delete user sessions & token upon user-deletion #2241

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions packages/core/src/service/services/user.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { Injectable } from '@nestjs/common';
import { ModuleRef } from '@nestjs/core';
import { VerifyCustomerAccountResult } from '@vendure/common/lib/generated-shop-types';
import { ID } from '@vendure/common/lib/shared-types';

Expand Down Expand Up @@ -41,6 +42,7 @@ export class UserService {
private roleService: RoleService,
private passwordCipher: PasswordCipher,
private verificationTokenGenerator: VerificationTokenGenerator,
private moduleRef: ModuleRef,
) {}

async getUserById(ctx: RequestContext, userId: ID): Promise<User | undefined> {
Expand Down Expand Up @@ -170,6 +172,10 @@ export class UserService {
}

async softDelete(ctx: RequestContext, userId: ID) {
// Dynamic import to avoid the circular dependency of SessionService
await this.moduleRef
.get((await import('./session.service.js')).SessionService)
.deleteSessionsByUser(ctx, new User({ id: userId }));
Comment on lines +175 to +178
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michaelbromley For now I just constructed the User to be able to use the deleteSessionsByUser function - it might be cleaner to refactor? The deletion function only uses the userId anyway. Whats your more experienced-perspective on this? Cheers.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I agree it makes more sense for that deleteSessionsByUser to just take an ID rather than the User object. But since that's a public method, I would err on the side of caution and not change the signature in a breaking way. We could overload it so it can take a User object or an ID though, which would be a backward-compatible change.

await this.connection.getEntityOrThrow(ctx, User, userId);
await this.connection.getRepository(ctx, User).update({ id: userId }, { deletedAt: new Date() });
}
Expand Down