Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-295

Deleting an OAuth2ApplicationScopeAliases entry can break referential intergrity

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Master
    • Fix Version/s: Master
    • Component/s: None
    • Labels:
      None

      Description

      OAuth2ApplicationScopeAliasesLocalServiceImpl.deleteOAuth2ApplicationScopeAliases(long) deletes also the related OAuth2ScopeGrant entries. But it does not take care to prevent deletion of those that are referenced by OAuth2Authorization entries (or alternatively cascade the deletion to those entries also).

      1. Go to OAuth 2 Administration and create an OAuth 2 application
      2. Configure some scopes for the application and save it.
      3. Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
      4. Invoke the problem method from custom Java code (there is no remote service equivalent)

      Expected result: There are no records in OA2Auths_OA2ScopeGrants that reference non-existent records in OAuth2ScopeGrants
      Actual result: Such records exist

      Because there is no remote service the likelihood of this bug impacting customers is much lower. Still this a bug that we should resolve at some stage.

        Attachments

          Activity

            People

            Assignee:
            arthur.chen Arthur Chen
            Reporter:
            stian.sigvartsen Stian Sigvartsen
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                Master