launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:close-account-oauth-tokens into launchpad:master

To: mp+379618@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Fri, 21 Feb 2020 10:38:30 -0000
Reply-to: mp+379618@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:close-account-oauth-tokens into launchpad:master.

Commit message:
Handle OAuth tokens in close-account

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/379618

Just like login tokens, OAuth request and access tokens are no longer interesting if the user can no longer log in, so just remove them.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:close-account-oauth-tokens into launchpad:master.

diff --git a/lib/lp/registry/scripts/closeaccount.py b/lib/lp/registry/scripts/closeaccount.py
index 711f8b6..faf5056 100644
--- a/lib/lp/registry/scripts/closeaccount.py
+++ b/lib/lp/registry/scripts/closeaccount.py
@@ -1,4 +1,4 @@
-# Copyright 2009-2019 Canonical Ltd.  This software is licensed under the
+# Copyright 2009-2020 Canonical Ltd.  This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 """Remove personal details of a user from the database, leaving a stub."""
@@ -262,9 +262,11 @@ def close_account(username, log):
         # concerned with being removed from our systems.
         ('EmailAddress', 'person'),
 
-        # Login tokens are no longer interesting if the user can no longer
-        # log in.
+        # Login and OAuth tokens are no longer interesting if the user can
+        # no longer log in.
         ('LoginToken', 'requester'),
+        ('OAuthAccessToken', 'person'),
+        ('OAuthRequestToken', 'person'),
 
         # Trash their codes of conduct and GPG keys
         ('SignedCodeOfConduct', 'owner'),
diff --git a/lib/lp/registry/scripts/tests/test_closeaccount.py b/lib/lp/registry/scripts/tests/test_closeaccount.py
index 49102f1..883fad0 100644
--- a/lib/lp/registry/scripts/tests/test_closeaccount.py
+++ b/lib/lp/registry/scripts/tests/test_closeaccount.py
@@ -1,4 +1,4 @@
-# Copyright 2018-2019 Canonical Ltd.  This software is licensed under the
+# Copyright 2018-2020 Canonical Ltd.  This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 """Test the close-account script."""
@@ -544,6 +544,44 @@ class TestCloseAccount(TestCaseWithFactory):
         self.assertRaises(
             KeyError, login_token_set.__getitem__, plaintext_token)
 
+    def test_handles_oauth_request_token(self):
+        person = self.factory.makePerson()
+        other_person = self.factory.makePerson()
+        request_token = self.factory.makeOAuthRequestToken(reviewed_by=person)
+        other_request_token = self.factory.makeOAuthRequestToken(
+            reviewed_by=other_person)
+        self.assertContentEqual([request_token], person.oauth_request_tokens)
+        self.assertContentEqual(
+            [other_request_token], other_person.oauth_request_tokens)
+        person_id = person.id
+        account_id = person.account.id
+        script = self.makeScript([six.ensure_str(person.name)])
+        with dbuser('launchpad'):
+            self.runScript(script)
+        self.assertRemoved(account_id, person_id)
+        self.assertContentEqual([], person.oauth_request_tokens)
+        self.assertContentEqual(
+            [other_request_token], other_person.oauth_request_tokens)
+
+    def test_handles_oauth_access_token(self):
+        person = self.factory.makePerson()
+        other_person = self.factory.makePerson()
+        access_token, _ = self.factory.makeOAuthAccessToken(owner=person)
+        other_access_token, _ = self.factory.makeOAuthAccessToken(
+            owner=other_person)
+        self.assertContentEqual([access_token], person.oauth_access_tokens)
+        self.assertContentEqual(
+            [other_access_token], other_person.oauth_access_tokens)
+        person_id = person.id
+        account_id = person.account.id
+        script = self.makeScript([six.ensure_str(person.name)])
+        with dbuser('launchpad'):
+            self.runScript(script)
+        self.assertRemoved(account_id, person_id)
+        self.assertContentEqual([], person.oauth_access_tokens)
+        self.assertContentEqual(
+            [other_access_token], other_person.oauth_access_tokens)
+
     def test_fails_on_undeleted_ppa(self):
         person = self.factory.makePerson()
         ppa = self.factory.makeArchive(owner=person)