Deleting a user does not destroy the single sign on record

dansingerman · May 13, 2015, 4:59pm

We have the situation where we use single sign on, and a record got created with the wrong email address.

I believe if we delete the user and recreate them again (with the correct email address) via the API sync_sso method the problem will resolve.

However this doesn’t work, the deleted user gets resurrected.

Eyeballing the code it doesn’t look like the UserDestroyer destroys any related SingleSignOnRecord instances, which I think explains this.

Should the UserDestroyer destroy SingleSignOnRecords? Is there a use case where we would not want this to happen?

codinghorror · May 13, 2015, 10:21pm

Not sure, this is a question for @sam I think.

sam · June 1, 2015, 5:46am

Its actually destroying, do you have a repro test case:

github.com

discourse/discourse/blob/master/app/models/user.rb#L47


has_many :targeted_group_histories, dependent: :destroy, foreign_key: :target_user_id, class_name: 'GroupHistory'
has_many :reviewable_scores, dependent: :destroy
has_many :invites, foreign_key: :invited_by_id, dependent: :destroy
has_many :user_custom_fields, dependent: :destroy

has_one :user_option, dependent: :destroy
has_one :user_avatar, dependent: :destroy
has_one :primary_email, -> { where(primary: true)  }, class_name: 'UserEmail', dependent: :destroy, autosave: true, validate: false
has_one :user_stat, dependent: :destroy
has_one :user_profile, dependent: :destroy, inverse_of: :user
has_one :single_sign_on_record, dependent: :destroy
has_one :anonymous_user_master, class_name: 'AnonymousUser', dependent: :destroy
has_one :anonymous_user_shadow, ->(record) { where(active: true) }, foreign_key: :master_user_id, class_name: 'AnonymousUser', dependent: :destroy
has_one :invited_user, dependent: :destroy
has_one :user_notification_schedule, dependent: :destroy

# delete all is faster but bypasses callbacks
has_many :bookmarks, dependent: :delete_all
has_many :notifications, dependent: :delete_all
has_many :topic_users, dependent: :delete_all
has_many :incoming_emails, dependent: :delete_all

dansingerman · June 2, 2015, 9:35am

No, this is my mistake, you are right that it deletes the SSO record. I had a slightly different issue, but don’t thinks it’s a bug.

Thanks for looking

Topic		Replies	Views
Resetting or Destroying Single Sign On Records sso	6	2915	November 20, 2018
Remove all users except admins or a few select users whichever is easier support	11	436	January 16, 2023
Is it possible to change users SSO's external_id after a DB migration? support	6	1564	October 27, 2022
SSO and changing email addresses upstream support	5	2161	April 20, 2021
Delete sso with api sso	4	1038	November 21, 2020

Deleting a user does not destroy the single sign on record

Related Topics