clean up tokens on deauthorize

components/server/src/user/user-service.ts

@@ -196,9 +196,13 @@ export class UserService {
     }
 
     async checkTermsAccepted(user: User) {
-        const terms = this.termsProvider.getCurrent();
-        const accepted = await this.termsAcceptanceDb.getAcceptedRevision(user.id);
-        return !!accepted && (accepted.termsRevision === terms.revision);
+        // disabled terms acceptance check for now
+
+        return true;
+
+        // const terms = this.termsProvider.getCurrent();
+        // const accepted = await this.termsAcceptanceDb.getAcceptedRevision(user.id);
+        // return !!accepted && (accepted.termsRevision === terms.revision);
     }
 
     async isBlocked(params: CheckIsBlockedParams): Promise<boolean> {
@@ -274,7 +278,8 @@ export class UserService {
 
     async deauthorize(user: User, authProviderId: string) {
         const externalIdentities = user.identities.filter(i => i.authProviderId !== TokenService.GITPOD_AUTH_PROVIDER_ID);
-        if (!externalIdentities.some(i => i.authProviderId === authProviderId)) {
+        const identity = externalIdentities.find(i => i.authProviderId === authProviderId)
+        if (!identity) {
             log.debug('Cannot deauthorize. Authorization not found.', { userId: user.id, authProviderId });
             return;
         }
@@ -283,6 +288,9 @@ export class UserService {
             throw new Error("Cannot remove last provider authorization. Please delete account instead.");
         }
 
+        // explicitly remove associated tokens
+        await this.userDb.deleteTokens(identity);
+
         // effectively remove the provider authorization
         user.identities = user.identities.filter(i => i.authProviderId !== authProviderId);
         await this.userDb.storeUser(user);