Nullify token to auth-code FK on delete so cleanup job can purge codes
The FK added in b7fa499 defaulted to ON DELETE RESTRICT, which means
OidcTokenCleanupJob#perform would fail when deleting auth codes older
than 7 days if any refresh token (whose expiry is days-to-weeks) still
referenced them. Switch both token FKs to ON DELETE SET NULL so token
rows survive the code deletion with a NULL FK, preserving the audit
trail the cleanup job deliberately keeps.
Add a regression test covering the exact scenario: a 10-day-old auth
code with a token still pointing at it -> cleanup deletes the code,
token survives, token FK is nulled.
Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
This commit is contained in:
Dan Milne
20
db/migrate/20260420080000_nullify_auth_code_fk_on_delete.rb
Normal file
20
db/migrate/20260420080000_nullify_auth_code_fk_on_delete.rb
Normal file
@@ -0,0 +1,20 @@
|
||||
class NullifyAuthCodeFkOnDelete < ActiveRecord::Migration[8.1]
|
||||
# When an OidcAuthorizationCode is deleted (e.g. by OidcTokenCleanupJob),
|
||||
# null out the FK on any descendant tokens instead of blocking the delete
|
||||
# on the default RESTRICT. Token rows survive for the audit trail.
|
||||
def up
|
||||
remove_foreign_key :oidc_access_tokens, :oidc_authorization_codes
|
||||
add_foreign_key :oidc_access_tokens, :oidc_authorization_codes, on_delete: :nullify
|
||||
|
||||
remove_foreign_key :oidc_refresh_tokens, :oidc_authorization_codes
|
||||
add_foreign_key :oidc_refresh_tokens, :oidc_authorization_codes, on_delete: :nullify
|
||||
end
|
||||
|
||||
def down
|
||||
remove_foreign_key :oidc_access_tokens, :oidc_authorization_codes
|
||||
add_foreign_key :oidc_access_tokens, :oidc_authorization_codes
|
||||
|
||||
remove_foreign_key :oidc_refresh_tokens, :oidc_authorization_codes
|
||||
add_foreign_key :oidc_refresh_tokens, :oidc_authorization_codes
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user