Merge pull request #244 from authorizerdev/fix/remove-user-verification-request-when-deleted

fix: remove entries from otp + verification when user is deleted

Author: lakhansamani

server/constants/verification_types.go

@@ -14,3 +14,14 @@ const (
 	// VerificationTypeOTP is the otp verification type
 	VerificationTypeOTP = "verify_otp"
 )
+
+var (
+	// VerificationTypes is slice of all verification types
+	VerificationTypes = []string{
+		VerificationTypeBasicAuthSignup,
+		VerificationTypeMagicLinkLogin,
+		VerificationTypeUpdateEmail,
+		VerificationTypeForgotPassword,
+		VerificationTypeInviteMember,
+	}
+)

server/resolvers/delete_user.go

@@ -50,6 +50,34 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
 	}
 
 	go func() {
+		// delete otp for given email
+		otp, err := db.Provider.GetOTPByEmail(ctx, user.Email)
+		if err != nil {
+			log.Debugf("Failed to get otp for given email (%s): %v", user.Email, err)
+			// continue
+		} else {
+			err := db.Provider.DeleteOTP(ctx, otp)
+			if err != nil {
+				log.Debugf("Failed to delete otp for given email (%s): %v", user.Email, err)
+				// continue
+			}
+		}
+
+		// delete verification requests for given email
+		for _, vt := range constants.VerificationTypes {
+			verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, user.Email, vt)
+			if err != nil {
+				log.Debug("Failed to get verification request for email: %s, verification_request_type: %s. %v", user.Email, vt, err)
+				// continue
+			} else {
+				err := db.Provider.DeleteVerificationRequest(ctx, verificationRequest)
+				if err != nil {
+					log.Debug("Failed to DeleteVerificationRequest for email: %s, verification_request_type: %s. %v", user.Email, vt, err)
+					// continue
+				}
+			}
+		}
+
 		memorystore.Provider.DeleteAllUserSessions(user.ID)
 		utils.RegisterEvent(ctx, constants.UserDeletedWebhookEvent, "", user)
 	}()