[openstreetmap/openstreetmap-website] Deleting user does not remove client application configuration (#2566)
Simon Poole
notifications at github.com
Sat Mar 21 19:41:27 UTC 2020
Deleting a user (via the admin UI), does not remove any application OAuth configuration. I assume this is due to deleting not actually deleting but keeping the record and simply setting "deleted" status.
I believe wrt the app configuration this is a bit dangerous as it allows a potentially malicious entry to remain even when one might believe that the issue has been resolved. So either the app entries should be really deleted or we need a method of deactivating the app entry and cascading it to the individual user configurations. IMHO the former is preferable except if there are record keeping requirements that would speak against doing that.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2566
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200321/fa641258/attachment.htm>
More information about the rails-dev
mailing list