clinch

Author SHA1 Message Date

Author	SHA1	Message	Date
Dan Milne	93d8381214	Nullify token to auth-code FK on delete so cleanup job can purge codes The FK added in `b7fa499` defaulted to ON DELETE RESTRICT, which means OidcTokenCleanupJob#perform would fail when deleting auth codes older than 7 days if any refresh token (whose expiry is days-to-weeks) still referenced them. Switch both token FKs to ON DELETE SET NULL so token rows survive the code deletion with a NULL FK, preserving the audit trail the cleanup job deliberately keeps. Add a regression test covering the exact scenario: a 10-day-old auth code with a token still pointing at it -> cleanup deletes the code, token survives, token FK is nulled. Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>	2026-04-20 18:12:03 +10:00

Dan Milne

93d8381214

Nullify token to auth-code FK on delete so cleanup job can purge codes

The FK added in b7fa499 defaulted to ON DELETE RESTRICT, which means
OidcTokenCleanupJob#perform would fail when deleting auth codes older
than 7 days if any refresh token (whose expiry is days-to-weeks) still
referenced them. Switch both token FKs to ON DELETE SET NULL so token
rows survive the code deletion with a NULL FK, preserving the audit
trail the cleanup job deliberately keeps.

Add a regression test covering the exact scenario: a 10-day-old auth
code with a token still pointing at it -> cleanup deletes the code,
token survives, token FK is nulled.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>

2026-04-20 18:12:03 +10:00

1 Commits