db: scope DestroyUser to only delete the target user's pre-auth keys

DestroyUser called ListPreAuthKeys(tx) which returns ALL pre-auth keys across all users, then deleted every one of them. This caused deleting any single user to wipe out pre-auth keys for every other user. Extract a ListPreAuthKeysByUser function (consistent with the existing ListNodesByUser pattern) and use it in DestroyUser to scope key deletion to the user being destroyed. Add unit test (table-driven in TestDestroyUserErrors) and integration test to prevent regression. Fixes #3154 Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2026-04-25 01:59:07 +02:00 · 2026-03-27 13:12:20 +00:00
parent 6ae182696f
commit 7c756b8201
4 changed files with 61 additions and 1 deletions
--- a/hscontrol/db/preauth_keys.go
+++ b/hscontrol/db/preauth_keys.go
@@ -170,6 +170,18 @@ func ListPreAuthKeys(tx *gorm.DB) ([]types.PreAuthKey, error) {
 	return keys, nil
 }

+// ListPreAuthKeysByUser returns all PreAuthKeys belonging to a specific user.
+func ListPreAuthKeysByUser(tx *gorm.DB, uid types.UserID) ([]types.PreAuthKey, error) {
+	var keys []types.PreAuthKey
+
+	err := tx.Preload("User").Where("user_id = ?", uint(uid)).Find(&keys).Error
+	if err != nil {
+		return nil, err
+	}
+
+	return keys, nil
+}
+
 var (
 	ErrPreAuthKeyFailedToParse    = errors.New("failed to parse auth-key")
 	ErrPreAuthKeyNotTaggedOrOwned = errors.New("auth-key must be either tagged or owned by user")