From 4c2edccb5c9d904194b3d878c0ab492df2cc4d3e Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Wed, 11 May 2022 00:15:20 +0200
Subject: [PATCH 1/3] delete user related oauth stuff on user deletion too

---
 models/auth/oauth2.go | 20 ++++++++++++++++++++
 models/user.go        |  5 +++++
 2 files changed, 25 insertions(+)

diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 4d44a8842ad0c..fa2b38a98d7e1 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -5,6 +5,7 @@
 package auth
 
 import (
+	"context"
 	"crypto/sha256"
 	"encoding/base32"
 	"encoding/base64"
@@ -18,6 +19,7 @@ import (
 
 	uuid "github.com/google/uuid"
 	"golang.org/x/crypto/bcrypt"
+	"xorm.io/builder"
 	"xorm.io/xorm"
 )
 
@@ -576,3 +578,21 @@ func GetActiveOAuth2SourceByName(name string) (*Source, error) {
 
 	return authSource, nil
 }
+
+func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error {
+	deleteCond := builder.Select("id").From("oauth2_grant").Where(builder.Eq{"oauth2_grant.user_id": userID})
+
+	if _, err := db.GetEngine(ctx).In("grant_id", deleteCond).
+		Delete(&OAuth2AuthorizationCode{}); err != nil {
+		return err
+	}
+
+	if err := db.DeleteBeans(ctx,
+		&OAuth2Application{UID: userID},
+		&OAuth2Grant{UserID: userID},
+	); err != nil {
+		return fmt.Errorf("deleteBeans: %v", err)
+	}
+
+	return nil
+}
diff --git a/models/user.go b/models/user.go
index 11234a881df05..16a48d8033ec0 100644
--- a/models/user.go
+++ b/models/user.go
@@ -13,6 +13,7 @@ import (
 	_ "image/jpeg" // Needed for jpeg support
 
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/issues"
 	"code.gitea.io/gitea/models/organization"
@@ -89,6 +90,10 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
 		return fmt.Errorf("deleteBeans: %v", err)
 	}
 
+	if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil {
+		return err
+	}
+
 	if setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
 		u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) {
 

From 2cc9f82d90220c29c1b6c5aab2b615e759903f54 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Wed, 11 May 2022 00:34:43 +0200
Subject: [PATCH 2/3] extend doctor check-db-consistency

---
 modules/doctor/dbconsistency.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/doctor/dbconsistency.go b/modules/doctor/dbconsistency.go
index 6b5755608b588..9ab8feb6794b1 100644
--- a/modules/doctor/dbconsistency.go
+++ b/modules/doctor/dbconsistency.go
@@ -186,6 +186,15 @@ func checkDBConsistency(ctx context.Context, logger log.Logger, autofix bool) er
 		// find action without repository
 		genericOrphanCheck("Action entries without existing repository",
 			"action", "repository", "action.repo_id=repository.id"),
+		// find OAuth2Grant without existing user
+		genericOrphanCheck("Orphaned OAuth2Grant without existing User",
+			"oauth2_grant", "user", "oauth2_grant.user_id=user.id"),
+		// find OAuth2Application without existing user
+		genericOrphanCheck("Orphaned OAuth2Application without existing User",
+			"oauth2_application", "user", "oauth2_application.uid=user.id"),
+		// find OAuth2AuthorizationCode without existing OAuth2Grant
+		genericOrphanCheck("Orphaned OAuth2AuthorizationCode without existing OAuth2Grant",
+			"oauth2_authorization_code", "oauth2_grant", "oauth2_authorization_code.grant_id=oauth2_grant.id"),
 	)
 
 	for _, c := range consistencyChecks {

From 92a32c9c3ad7d333e10ed5ea6e4b1b4a8181a373 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Wed, 11 May 2022 12:07:00 +0200
Subject: [PATCH 3/3] Update models/auth/oauth2.go

Co-authored-by: delvh <dev.lh@web.de>
---
 models/auth/oauth2.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index fa2b38a98d7e1..ca77fcdb78266 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -591,7 +591,7 @@ func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error {
 		&OAuth2Application{UID: userID},
 		&OAuth2Grant{UserID: userID},
 	); err != nil {
-		return fmt.Errorf("deleteBeans: %v", err)
+		return fmt.Errorf("DeleteBeans: %v", err)
 	}
 
 	return nil