fix(users): only delete user sessions when a user is locked (#186)

mangocubed · Feb 4, 2025 · 4710302 · 4710302
1 parent 2782a5f
commit 4710302
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 36 deletions.
diff --git a/mango3-core/src/models/user/user_get.rs b/mango3-core/src/models/user/user_get.rs
@@ -29,7 +29,7 @@ impl User {
                     role as "role!: UserRole",
                     created_at,
                     updated_at
-                FROM users WHERE locked_at IS NULL AND id = $1 LIMIT 1"#,
+                FROM users WHERE id = $1 LIMIT 1"#,
             id
         )
         .fetch_one(&core_context.db_pool)
@@ -62,7 +62,7 @@ impl User {
                     role as "role!: UserRole",
                     created_at,
                     updated_at
-                FROM users WHERE locked_at IS NULL AND LOWER(username) = $1 LIMIT 1"#,
+                FROM users WHERE LOWER(username) = $1 LIMIT 1"#,
             username.to_lowercase()
         )
         .fetch_one(&core_context.db_pool)

diff --git a/mango3-core/src/models/user/user_lock.rs b/mango3-core/src/models/user/user_lock.rs
@@ -1,7 +1,7 @@
 use sqlx::query;
 
 use crate::enums::MailerJobCommand;
-use crate::models::{Blob, Post, PostComment, PostReaction, PostView, UserSession, Website};
+use crate::models::UserSession;
 use crate::validator::ValidationErrors;
 use crate::CoreContext;
 
@@ -10,17 +10,7 @@ use super::User;
 impl User {
     pub async fn lock(&self, core_context: &CoreContext) -> Result<(), ValidationErrors> {
         let result = query!(
-            "UPDATE users SET
-                    email_confirmation_code_id = NULL,
-                    password_reset_confirmation_code_id = NULL,
-                    avatar_image_blob_id = NULL,
-                    encrypted_password = '',
-                    display_name = '',
-                    full_name = '',
-                    bio = '',
-                    hashtag_ids = ARRAY[]::uuid [],
-                    locked_at = current_timestamp
-                WHERE locked_at IS NULL AND id = $1",
+            "UPDATE users SET locked_at = current_timestamp WHERE locked_at IS NULL AND id = $1",
             self.id
         )
         .execute(&core_context.db_pool)
@@ -31,24 +21,6 @@ impl User {
                 UserSession::delete_all(core_context, self)
                     .await
                     .expect("could not delete user sessions");
-                Blob::delete_all(core_context, self)
-                    .await
-                    .expect("could not delete blobs");
-                Post::delete_all(core_context, self)
-                    .await
-                    .expect("could not delete posts");
-                PostComment::delete_all(core_context, self)
-                    .await
-                    .expect("could not delete post comments");
-                PostReaction::delete_all(core_context, self)
-                    .await
-                    .expect("could not delete post reactions");
-                PostView::delete_all(core_context, self)
-                    .await
-                    .expect("could not delete post views");
-                Website::delete_all(core_context, self)
-                    .await
-                    .expect("could not delete websites");
 
                 core_context.jobs.mailer(self, MailerJobCommand::Locked).await;
 
@@ -61,15 +33,12 @@ impl User {
 
 #[cfg(test)]
 mod tests {
-    use crate::test_utils::{insert_test_post, insert_test_user, insert_test_website, setup_core_context};
+    use crate::test_utils::{insert_test_user, setup_core_context};
 
     #[tokio::test]
     async fn should_lock_user() {
         let core_context = setup_core_context().await;
         let user = insert_test_user(&core_context).await;
-        let website = insert_test_website(&core_context, Some(&user)).await;
-
-        insert_test_post(&core_context, Some(&website), Some(&user)).await;
 
         let result = user.lock(&core_context).await;