From 3507ddb0e8f85cb2a2cb20595590b1c89cc27c67 Mon Sep 17 00:00:00 2001
From: Daniel Hensby
Date: Wed, 24 Jun 2015 21:04:23 +0100
Subject: [PATCH] FIX MemberPassword history removed with with Members Currently Members that were deleted would still have their passwords stored in the DB even though they were deleted. This seems unnecessary and just increases data that could potentially be compromised later.
---
security/Member.php | 24 +++++++++++++++++++++++-
tests/security/MemberTest.php | 7 +++++++
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/security/Member.php b/security/Member.php
index 86c34b821..08b4ab75d 100644
--- a/security/Member.php
+++ b/security/Member.php
@@ -59,7 +59,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
 private static $has_one = array();
- private static $has_many = array();
+ private static $has_many = array(
+ 'LoggedPasswords' => 'MemberPassword',
+ );
 private static $many_many = array();
@@ -879,6 +881,26 @@ class Member extends DataObject implements TemplateGlobalProvider {
 }
 }
+ public function onAfterDelete() {
+ parent::onAfterDelete();
+
+ //prevent orphaned records remaining in the DB
+ $this->deletePasswordLogs();
+ }
+
+ /**
+ * Delete the MemberPassword objects that are associated to this user
+ *
+ * @return self
+ */
+ protected function deletePasswordLogs() {
+ foreach ($this->LoggedPasswords() as $password) {
+ $password->delete();
+ $password->destroy();
+ }
+ return $this;
+ }
+
 /**
 * If any admin groups are requested, deny the whole save operation.
 *
diff --git a/tests/security/MemberTest.php b/tests/security/MemberTest.php
index d044441e4..575dc40bd 100644
--- a/tests/security/MemberTest.php
+++ b/tests/security/MemberTest.php
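Review bot: Declaring `'LoggedPasswords' => 'MemberPassword'` in `$has_many` makes the stored password history reachable as an ordinary relation on every Member, which is wider than the cleanup in `deletePasswordLogs()` needs. Anything that walks a Member's relations generically (scaffolded CMS fields, template access, an API layer that exposes relations) could now surface those records; whether that happens in this codebase is not visible from the hunk and should be checked before merging. I would record the intent next to the entry, e.g. `// internal: used only to purge password history on delete; do not expose in forms, templates or APIs`, and remove the field from any form that is scaffolded from relations.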
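Review bot: `onAfterDelete()` only purges history for members deleted from now on; MemberPassword rows left behind by members deleted before this patch stay in the table, which is the exposure the commit message sets out to remove. A one-off cleanup on upgrade that deletes MemberPassword rows whose MemberID no longer matches a Member would close that gap. Separately, the purge runs after the Member row is already gone and deletes one record at a time, so a failure part-way through `deletePasswordLogs()` leaves the remaining records orphaned; a comment on the hook such as `// runs after the Member row is deleted: a failure here leaves orphaned MemberPassword rows` would make that visible. The docblock's `@return self` would read more accurately as `@return $this`.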
@@ -172,6 +172,13 @@ class MemberTest extends FunctionalTest {
 $this->assertInstanceOf('DataObject', $passwords->current());
 $this->assertTrue($passwords->current()->checkPassword('1nitialPassword'), "Password 1nitialPassword not found in MemberRecord");
+
+ //check we don't retain orphaned records when a member is deleted
+ $member->delete();
+
+ $passwords = MemberPassword::get()->filter('MemberID', $member->OldID);
+
+ $this->assertCount(0, $passwords);
 }
 /**
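Review bot: The new assertion filters on `$member->OldID`, so it passes vacuously if that property is empty after `delete()`: a filter on an unset MemberID would match no rows whether or not the history was purged. Capturing the id before deleting removes that dependency: `$memberID = $member->ID;` ahead of `$member->delete();`, then `->filter('MemberID', $memberID)`, ideally preceded by `$this->assertGreaterThan(0, $memberID);`. The test method starts above this hunk, so the earlier setup of `$member` and `$passwords` is not visible here.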