(NOBIDS) purge all sessions after account deletion (#2487)

* (NOBIDS) purge all sessions after account deletion * (NOBIDS) using correct error log function * (NOBIDS) separated parameters from error text
gobitfly · Sep 4, 2023 · 5e0bda2 · 5e0bda2
1 parent c424be8
commit 5e0bda2
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/handlers/user.go b/handlers/user.go
@@ -1181,6 +1181,13 @@ func UserDeletePost(w http.ResponseWriter, r *http.Request) {
 		}
 
 		Logout(w, r)
+		err = purgeAllSessionsForUser(r.Context(), user.UserID)
+		if err != nil {
+			utils.LogError(err, "error purging sessions for user", 0, map[string]interface{}{"userID": user.UserID})
+			utils.SetFlash(w, r, authSessionName, authInternalServerErrorFlashMsg)
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
 	} else {
 		utils.LogError(nil, "Trying to delete an unauthenticated user", 0)
 		http.Redirect(w, r, "/user/settings", http.StatusSeeOther)