FIX MemberPassword history removed with with Members

Currently Members that were deleted would still have their passwords stored in the DB even though they were deleted. This seems unnecessary and just increases data that could potentially be compromised later.
2024-10-22 12:05:37 +00:00 · 2015-06-24 21:04:23 +01:00 · 2015-06-24 21:04:23 +01:00 · 3507ddb0e8
commit 3507ddb0e8
parent 0514605cdc
2 changed files with 30 additions and 1 deletions
--- a/security/Member.php
+++ b/security/Member.php
@ -59,7 +59,9 @@ class Member extends DataObject implements TemplateGlobalProvider {

 	private static $has_one = array();

-	private static $has_many = array();
+	private static $has_many = array(
+		'LoggedPasswords' => 'MemberPassword',
+	);

 	private static $many_many = array();

@ -879,6 +881,26 @@ class Member extends DataObject implements TemplateGlobalProvider {
 		}
 	}

+	public function onAfterDelete() {
+		parent::onAfterDelete();
+
+		//prevent orphaned records remaining in the DB
+		$this->deletePasswordLogs();
+	}
+
+	/**
+	 * Delete the MemberPassword objects that are associated to this user
+	 *
+	 * @return self
+	 */
+	protected function deletePasswordLogs() {
+		foreach ($this->LoggedPasswords() as $password) {
+			$password->delete();
+			$password->destroy();
+		}
+		return $this;
+	}
+
 	/**
 	 * If any admin groups are requested, deny the whole save operation.
 	 *
--- a/tests/security/MemberTest.php
+++ b/tests/security/MemberTest.php
@ -172,6 +172,13 @@ class MemberTest extends FunctionalTest {
 		$this->assertInstanceOf('DataObject', $passwords->current());
 		$this->assertTrue($passwords->current()->checkPassword('1nitialPassword'),
 			"Password 1nitialPassword not found in MemberRecord");
+
+		//check we don't retain orphaned records when a member is deleted
+		$member->delete();
+
+		$passwords = MemberPassword::get()->filter('MemberID', $member->OldID);
+
+		$this->assertCount(0, $passwords);
 	}

 	/**