Merge pull request #3502 from marc1706/ticket/13564

[ticket/13564] Unlink user accounts upon deleting user

phpBB/includes/functions_user.php

@@ -500,6 +500,9 @@ function user_delete($mode, $user_ids, $retain_username = true)
 
 	$num_users_delta = 0;
 
+	// Get auth provider collection in case accounts might need to be unlinked
+	$provider_collection = $phpbb_container->get('auth.provider_collection');
+
 	// Some things need to be done in the loop (if the query changes based
 	// on which user is currently being deleted)
 	$added_guest_posts = 0;
@@ -510,6 +513,38 @@ function user_delete($mode, $user_ids, $retain_username = true)
 			avatar_delete('user', $user_row);
 		}
 
+		// Unlink accounts
+		foreach ($provider_collection as $provider_name => $auth_provider)
+		{
+			$provider_data = $auth_provider->get_auth_link_data($user_id);
+
+			if ($provider_data !== null)
+			{
+				$link_data = array(
+					'user_id' => $user_id,
+					'link_method' => 'user_delete',
+				);
+
+				// BLOCK_VARS might contain hidden fields necessary for unlinking accounts
+				if (isset($provider_data['BLOCK_VARS']) && is_array($provider_data['BLOCK_VARS']))
+				{
+					foreach ($provider_data['BLOCK_VARS'] as $provider_service)
+					{
+						if (!array_key_exists('HIDDEN_FIELDS', $provider_service))
+						{
+							$provider_service['HIDDEN_FIELDS'] = array();
+						}
+
+						$auth_provider->unlink_account(array_merge($link_data, $provider_service['HIDDEN_FIELDS']));
+					}
+				}
+				else
+				{
+					$auth_provider->unlink_account($link_data);
+				}
+			}
+		}
+
 		// Decrement number of users if this user is active
 		if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
 		{

phpBB/phpbb/auth/provider/base.php

@@ -61,7 +61,7 @@ abstract class base implements \phpbb\auth\provider\provider_interface
 	/**
 	* {@inheritdoc}
 	*/
-	public function get_auth_link_data()
+	public function get_auth_link_data($user_id = 0)
 	{
 		return;
 	}

phpBB/phpbb/auth/provider/oauth/oauth.php

@@ -553,13 +553,13 @@ class oauth extends \phpbb\auth\provider\base
 	/**
 	* {@inheritdoc}
 	*/
-	public function get_auth_link_data()
+	public function get_auth_link_data($user_id = 0)
 	{
 		$block_vars = array();
 
 		// Get all external accounts tied to the current user
 		$data = array(
-			'user_id' => (int) $this->user->data['user_id'],
+			'user_id' => ($user_id <= 0) ? (int) $this->user->data['user_id'] : (int) $user_id,
 		);
 		$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
 			WHERE ' . $this->db->sql_build_array('SELECT', $data);
@@ -616,10 +616,13 @@ class oauth extends \phpbb\auth\provider\base
 			return 'LOGIN_LINK_MISSING_DATA';
 		}
 
+		// Remove user specified in $link_data if possible
+		$user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];
+
 		// Remove the link
 		$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
 			WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
-				AND user_id = " . (int) $this->user->data['user_id'];
+				AND user_id = " . (int) $user_id;
 		$this->db->sql_query($sql);
 
 		// Clear all tokens belonging to the user on this servce

phpBB/phpbb/auth/provider/provider_interface.php

@@ -166,6 +166,10 @@ interface provider_interface
 	/**
 	* Returns an array of data necessary to build the ucp_auth_link page
 	*
+	* @param int $user_id User ID for whom the data should be retrieved.
+	*						defaults to 0, which is not a valid ID. The method
+	*						should fall back to the current user's ID in this
+	*						case.
 	* @return	array|null	If this function is not implemented on an auth
 	*						provider then it returns null. If it is implemented
 	*						it will return an array of up to four elements of
@@ -181,7 +185,7 @@ interface provider_interface
 	*							'VARS'				=> array(...),
 	*						)
 	*/
-	public function get_auth_link_data();
+	public function get_auth_link_data($user_id = 0);
 
 	/**
 	* Unlinks an external account from a phpBB account.