Enabling Token Authentication doesn't remove extraneous rows in tokenauth_tokens
| Project: | Token authentication |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
(I'm entering this from reading the code. I don't have time right now to verify the problem in a working system, sorry!)
If you disable Token Authentication (but not uninstall), then delete users, then reenable Token Authentication, there are extraneous rows in the tokenauth_tokens table.
To reproduce:
1. Enable Token Authentication.
2. Create a new user "Fred".
3. Disable Token Authentication (but don't uninstall).
4. Delete user "Fred".
5. Enable Token Authentication.
Expected result: There is no row in tokenauth_tokens for "Fred". (The query: select * from tokenauth_tokens tt where not exists (select * from users where users.uid=tt.uid) returns 0 rows)
Actual result: There is an orphan row in tokenauth_tokens.
To fix: (Sorry this isn't a patch--don't have time to come up with one right now.) In tokenauth_enable(), first delete any orphan rows in tokenauth_tokens. (Those rows whose uid doesn't have a corresponding row in users. Something like: delete tokenauth_tokens where not exists (select * from users where users.uid=tokenauth_tokens.uid))
#1
I changed this code a bit yesterday but I may not have fixed this. Can't investigate right now.