Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-15716

OAuth link information remains after deleting a user, causes fatal exception

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.2.4-RC1
    • 3.2.3
    • None
    • None

      If a user is linked to any OAuth accounts, and then that user is deleted, the OAuth link associations for that user remains in the auth_provider_oauth_token_account_assoc table. If the user tries to log in again using OAuth, an exception with an AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY message is thrown.

      Steps to reproduce:

      1. Link a user using OAuth. A row is created in the oauth token account assoc table.
      2. Delete that user.
      3. Try to login as that user using OAuth.
      4. Exception is thrown.

            Marc Marc
            ghostal ghostal [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: