fix(coderd): ensure that user API keys are deleted when a user is (#7270)

Fixes an issue where API tokens belonging to a deleted user were not invalidated: - Adds a trigger to delete rows from the api_key stable when the column deleted is set to true in the users table. - Adds a trigger to the api_keys table to ensure that new rows may not be added where user_id corresponds to a deleted user. - Adds a migration to delete all API keys from deleted users. - Adds tests + dbfake implementation for the above.
2025-07-06 15:41:45 +00:00 · 2023-04-24 21:48:26 +01:00
parent ad82a60806
commit 8fc8559076
7 changed files with 165 additions and 2 deletions
--- a/coderd/database/migrations/000120_trigger_delete_user_apikey.down.sql
+++ b/coderd/database/migrations/000120_trigger_delete_user_apikey.down.sql
@ -0,0 +1,9 @@
+BEGIN;
+
+DROP TRIGGER IF EXISTS trigger_update_users ON users;
+DROP FUNCTION IF EXISTS delete_deleted_user_api_keys;
+
+DROP TRIGGER IF EXISTS trigger_insert_apikeys ON api_keys;
+DROP FUNCTION IF EXISTS insert_apikey_fail_if_user_deleted;
+
+COMMIT;
--- a/coderd/database/migrations/000120_trigger_delete_user_apikey.up.sql
+++ b/coderd/database/migrations/000120_trigger_delete_user_apikey.up.sql
@ -0,0 +1,55 @@
+BEGIN;
+
+-- We need to delete all existing API keys for soft-deleted users.
+DELETE FROM
+	api_keys
+WHERE
+	user_id
+IN (
+	SELECT id FROM users WHERE deleted
+);
+
+
+-- When we soft-delete a user, we also want to delete their API key.
+CREATE FUNCTION delete_deleted_user_api_keys() RETURNS trigger
+	LANGUAGE plpgsql
+	AS $$
+DECLARE
+BEGIN
+	IF (NEW.deleted) THEN
+		DELETE FROM api_keys
+		WHERE user_id = OLD.id;
+	END IF;
+	RETURN NEW;
+END;
+$$;
+
+
+CREATE TRIGGER trigger_update_users
+AFTER INSERT OR UPDATE ON users
+FOR EACH ROW
+WHEN (NEW.deleted = true)
+EXECUTE PROCEDURE delete_deleted_user_api_keys();
+
+-- When we insert a new api key, we want to fail if the user is soft-deleted.
+CREATE FUNCTION insert_apikey_fail_if_user_deleted() RETURNS trigger
+	LANGUAGE plpgsql
+	AS $$
+
+DECLARE
+BEGIN
+	IF (NEW.user_id IS NOT NULL) THEN
+		IF (SELECT deleted FROM users WHERE id = NEW.user_id LIMIT 1) THEN
+			RAISE EXCEPTION 'Cannot create API key for deleted user';
+		END IF;
+	END IF;
+	RETURN NEW;
+END;
+$$;
+
+CREATE TRIGGER trigger_insert_apikeys
+BEFORE INSERT ON api_keys
+FOR EACH ROW
+EXECUTE PROCEDURE insert_apikey_fail_if_user_deleted();
+
+COMMIT;