Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-15716

OAuth link information remains after deleting a user, causes fatal exception

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.3
    • Fix Version/s: 3.2.4-RC1
    • Component/s: None
    • Labels:
      None

      Description

      If a user is linked to any OAuth accounts, and then that user is deleted, the OAuth link associations for that user remains in the auth_provider_oauth_token_account_assoc table. If the user tries to log in again using OAuth, an exception with an AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY message is thrown.

      Steps to reproduce:

      1. Link a user using OAuth. A row is created in the oauth token account assoc table.
      2. Delete that user.
      3. Try to login as that user using OAuth.
      4. Exception is thrown.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Marc Marc
                Reporter:
                ghostal ghostal [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: