Merge pull request #4348 from dhensby/pulls/3.2/fix-orphaned-passwords

FIX MemberPassword history removed with with Members

security/Member.php

@@ -59,7 +59,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 	private static $has_one = array();
 
-	private static $has_many = array();
+	private static $has_many = array(
+		'LoggedPasswords' => 'MemberPassword',
+	);
 
 	private static $many_many = array();
 
@@ -879,6 +881,26 @@ class Member extends DataObject implements TemplateGlobalProvider {
 		}
 	}
 
+	public function onAfterDelete() {
+		parent::onAfterDelete();
+
+		//prevent orphaned records remaining in the DB
+		$this->deletePasswordLogs();
+	}
+
+	/**
+	 * Delete the MemberPassword objects that are associated to this user
+	 *
+	 * @return self
+	 */
+	protected function deletePasswordLogs() {
+		foreach ($this->LoggedPasswords() as $password) {
+			$password->delete();
+			$password->destroy();
+		}
+		return $this;
+	}
+
 	/**
 	 * If any admin groups are requested, deny the whole save operation.
 	 *

tests/security/MemberTest.php

@@ -172,6 +172,13 @@ class MemberTest extends FunctionalTest {
 		$this->assertInstanceOf('DataObject', $passwords->current());
 		$this->assertTrue($passwords->current()->checkPassword('1nitialPassword'),
 			"Password 1nitialPassword not found in MemberRecord");
+
+		//check we don't retain orphaned records when a member is deleted
+		$member->delete();
+
+		$passwords = MemberPassword::get()->filter('MemberID', $member->OldID);
+
+		$this->assertCount(0, $passwords);
 	}
 
 	/**