Skip to content

Commit

Permalink
fix: Make user removal more resilient
Browse files Browse the repository at this point in the history
Currently there is a problem if an exception is thrown in `User::delete`,
because at that point the user is already removed from the backend,
but not all data is deleted.

There is no way to recover from this state, as the user is gone no information is available anymore.
This means the data is still available on the server but can not removed by any API anymore.

The solution here is to first set a flag and backup the user home,
this can be used to recover failed user deletions in a way the delete can be re-tried.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
  • Loading branch information
susnux committed Sep 11, 2024
1 parent 2b5dd11 commit 6c21dc7
Show file tree
Hide file tree
Showing 11 changed files with 305 additions and 84 deletions.
3 changes: 3 additions & 0 deletions lib/composer/composer/autoload_classmap.php
Original file line number Diff line number Diff line change
Expand Up @@ -1791,6 +1791,7 @@
'OC\\RepairException' => $baseDir . '/lib/private/RepairException.php',
'OC\\Repair\\AddAppConfigLazyMigration' => $baseDir . '/lib/private/Repair/AddAppConfigLazyMigration.php',
'OC\\Repair\\AddBruteForceCleanupJob' => $baseDir . '/lib/private/Repair/AddBruteForceCleanupJob.php',
'OC\\Repair\\AddCleanupDeletedUsersBackgroundJob' => $baseDir . '/lib/private/Repair/AddCleanupDeletedUsersBackgroundJob.php',
'OC\\Repair\\AddCleanupUpdaterBackupsJob' => $baseDir . '/lib/private/Repair/AddCleanupUpdaterBackupsJob.php',
'OC\\Repair\\AddMetadataGenerationJob' => $baseDir . '/lib/private/Repair/AddMetadataGenerationJob.php',
'OC\\Repair\\AddRemoveOldTasksBackgroundJob' => $baseDir . '/lib/private/Repair/AddRemoveOldTasksBackgroundJob.php',
Expand Down Expand Up @@ -1989,8 +1990,10 @@
'OC\\UserStatus\\Manager' => $baseDir . '/lib/private/UserStatus/Manager.php',
'OC\\User\\AvailabilityCoordinator' => $baseDir . '/lib/private/User/AvailabilityCoordinator.php',
'OC\\User\\Backend' => $baseDir . '/lib/private/User/Backend.php',
'OC\\User\\BackgroundJobs\\CleanupDeletedUsers' => $baseDir . '/lib/private/User/BackgroundJobs/CleanupDeletedUsers.php',
'OC\\User\\Database' => $baseDir . '/lib/private/User/Database.php',
'OC\\User\\DisplayNameCache' => $baseDir . '/lib/private/User/DisplayNameCache.php',
'OC\\User\\FailedUsersBackend' => $baseDir . '/lib/private/User/FailedUsersBackend.php',
'OC\\User\\LazyUser' => $baseDir . '/lib/private/User/LazyUser.php',
'OC\\User\\Listeners\\BeforeUserDeletedListener' => $baseDir . '/lib/private/User/Listeners/BeforeUserDeletedListener.php',
'OC\\User\\Listeners\\UserChangedListener' => $baseDir . '/lib/private/User/Listeners/UserChangedListener.php',
Expand Down
3 changes: 3 additions & 0 deletions lib/composer/composer/autoload_static.php
Original file line number Diff line number Diff line change
Expand Up @@ -1824,6 +1824,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
'OC\\RepairException' => __DIR__ . '/../../..' . '/lib/private/RepairException.php',
'OC\\Repair\\AddAppConfigLazyMigration' => __DIR__ . '/../../..' . '/lib/private/Repair/AddAppConfigLazyMigration.php',
'OC\\Repair\\AddBruteForceCleanupJob' => __DIR__ . '/../../..' . '/lib/private/Repair/AddBruteForceCleanupJob.php',
'OC\\Repair\\AddCleanupDeletedUsersBackgroundJob' => __DIR__ . '/../../..' . '/lib/private/Repair/AddCleanupDeletedUsersBackgroundJob.php',
'OC\\Repair\\AddCleanupUpdaterBackupsJob' => __DIR__ . '/../../..' . '/lib/private/Repair/AddCleanupUpdaterBackupsJob.php',
'OC\\Repair\\AddMetadataGenerationJob' => __DIR__ . '/../../..' . '/lib/private/Repair/AddMetadataGenerationJob.php',
'OC\\Repair\\AddRemoveOldTasksBackgroundJob' => __DIR__ . '/../../..' . '/lib/private/Repair/AddRemoveOldTasksBackgroundJob.php',
Expand Down Expand Up @@ -2022,8 +2023,10 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
'OC\\UserStatus\\Manager' => __DIR__ . '/../../..' . '/lib/private/UserStatus/Manager.php',
'OC\\User\\AvailabilityCoordinator' => __DIR__ . '/../../..' . '/lib/private/User/AvailabilityCoordinator.php',
'OC\\User\\Backend' => __DIR__ . '/../../..' . '/lib/private/User/Backend.php',
'OC\\User\\BackgroundJobs\\CleanupDeletedUsers' => __DIR__ . '/../../..' . '/lib/private/User/BackgroundJobs/CleanupDeletedUsers.php',
'OC\\User\\Database' => __DIR__ . '/../../..' . '/lib/private/User/Database.php',
'OC\\User\\DisplayNameCache' => __DIR__ . '/../../..' . '/lib/private/User/DisplayNameCache.php',
'OC\\User\\FailedUsersBackend' => __DIR__ . '/../../..' . '/lib/private/User/FailedUsersBackend.php',
'OC\\User\\LazyUser' => __DIR__ . '/../../..' . '/lib/private/User/LazyUser.php',
'OC\\User\\Listeners\\BeforeUserDeletedListener' => __DIR__ . '/../../..' . '/lib/private/User/Listeners/BeforeUserDeletedListener.php',
'OC\\User\\Listeners\\UserChangedListener' => __DIR__ . '/../../..' . '/lib/private/User/Listeners/UserChangedListener.php',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,27 +16,31 @@
use OCP\Files\Storage\IStorage;
use OCP\User\Events\BeforeUserDeletedEvent;
use OCP\User\Events\UserDeletedEvent;
use Psr\Log\LoggerInterface;

/** @template-implements IEventListener<BeforeUserDeletedEvent|UserDeletedEvent> */
class UserDeletedFilesCleanupListener implements IEventListener {
/** @var array<string,IStorage> */
private $homeStorageCache = [];

/** @var IMountProviderCollection */
private $mountProviderCollection;

public function __construct(IMountProviderCollection $mountProviderCollection) {
$this->mountProviderCollection = $mountProviderCollection;
public function __construct(
private IMountProviderCollection $mountProviderCollection,
private LoggerInterface $logger,
) {
}

public function handle(Event $event): void {
$user = $event->getUser();

// since we can't reliably get the user home storage after the user is deleted
// but the user deletion might get canceled during the before event
// we only cache the user home storage during the before event and then do the
// action deletion during the after event

if ($event instanceof BeforeUserDeletedEvent) {
$userHome = $this->mountProviderCollection->getHomeMountForUser($event->getUser());
$this->logger->debug('Prepare deleting storage for user {userId}', ['userId' => $user->getUID()]);

$userHome = $this->mountProviderCollection->getHomeMountForUser($user);
$storage = $userHome->getStorage();
if (!$storage) {
throw new \Exception('Account has no home storage');
Expand All @@ -49,14 +53,15 @@ public function handle(Event $event): void {
}

$this->homeStorageCache[$event->getUser()->getUID()] = $storage;
}
if ($event instanceof UserDeletedEvent) {
if (!isset($this->homeStorageCache[$event->getUser()->getUID()])) {
} elseif ($event instanceof UserDeletedEvent) {

Check failure on line 56 in lib/private/Authentication/Listeners/UserDeletedFilesCleanupListener.php

View workflow job for this annotation

GitHub Actions / static-code-analysis

RedundantCondition

lib/private/Authentication/Listeners/UserDeletedFilesCleanupListener.php:56:13: RedundantCondition: Type OCP\User\Events\UserDeletedEvent for $event is always OCP\User\Events\UserDeletedEvent (see https://psalm.dev/122)

Check failure

Code scanning / Psalm

RedundantCondition Error

Type OCP\User\Events\UserDeletedEvent for $event is always OCP\User\Events\UserDeletedEvent
if (!isset($this->homeStorageCache[$user->getUID()])) {
throw new \Exception('UserDeletedEvent fired without matching BeforeUserDeletedEvent');
}
$storage = $this->homeStorageCache[$event->getUser()->getUID()];
$storage = $this->homeStorageCache[$user->getUID()];
$cache = $storage->getCache();
$storage->rmdir('');
$this->logger->debug('Deleted storage for user {userId}', ['userId' => $user->getUID()]);

if ($cache instanceof Cache) {
$cache->clear();
} else {
Expand Down
2 changes: 2 additions & 0 deletions lib/private/Repair.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
use OC\DB\ConnectionAdapter;
use OC\Repair\AddAppConfigLazyMigration;
use OC\Repair\AddBruteForceCleanupJob;
use OC\Repair\AddCleanupDeletedUsersBackgroundJob;
use OC\Repair\AddCleanupUpdaterBackupsJob;
use OC\Repair\AddMetadataGenerationJob;
use OC\Repair\AddRemoveOldTasksBackgroundJob;
Expand Down Expand Up @@ -189,6 +190,7 @@ public static function getRepairSteps(): array {
\OCP\Server::get(AddAppConfigLazyMigration::class),
\OCP\Server::get(RepairLogoDimension::class),
\OCP\Server::get(RemoveLegacyDatadirFile::class),
\OCP\Server::get(AddCleanupDeletedUsersBackgroundJob::class),
];
}

Expand Down
30 changes: 30 additions & 0 deletions lib/private/Repair/AddCleanupDeletedUsersBackgroundJob.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
<?php

declare(strict_types=1);

/**
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\Repair;

use OC\User\BackgroundJobs\CleanupDeletedUsers;
use OCP\BackgroundJob\IJobList;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;

class AddCleanupDeletedUsersBackgroundJob implements IRepairStep {
private IJobList $jobList;

public function __construct(IJobList $jobList) {
$this->jobList = $jobList;
}

public function getName(): string {
return 'Add cleanup-deleted-users background job';
}

public function run(IOutput $output) {
$this->jobList->add(CleanupDeletedUsers::class);
}
}
2 changes: 2 additions & 0 deletions lib/private/Setup.php
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
use OC\Log\Rotate;
use OC\Preview\BackgroundCleanupJob;
use OC\TextProcessing\RemoveOldTasksBackgroundJob;
use OC\User\BackgroundJobs\CleanupDeletedUsers;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\BackgroundJob\IJobList;
use OCP\Defaults;
Expand Down Expand Up @@ -414,6 +415,7 @@ public static function installBackgroundJobs(): void {
$jobList->add(Rotate::class);
$jobList->add(BackgroundCleanupJob::class);
$jobList->add(RemoveOldTasksBackgroundJob::class);
$jobList->add(CleanupDeletedUsers::class);
}

/**
Expand Down
4 changes: 2 additions & 2 deletions lib/private/User/Backend.php
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,9 @@ public function userExists($uid) {
/**
* get the user's home directory
* @param string $uid the username
* @return boolean
* @return string|boolean
*/
public function getHome($uid) {
public function getHome(string $uid) {
return false;
}

Expand Down
55 changes: 55 additions & 0 deletions lib/private/User/BackgroundJobs/CleanupDeletedUsers.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
<?php

declare(strict_types=1);

/**
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\User\BackgroundJobs;

use OC\User\FailedUsersBackend;
use OC\User\Manager;
use OC\User\User;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\BackgroundJob\TimedJob;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IConfig;
use Psr\Log\LoggerInterface;

class CleanupDeletedUsers extends TimedJob {
public function __construct(
ITimeFactory $time,
private Manager $userManager,
private IConfig $config,
private LoggerInterface $logger,
) {
parent::__construct($time);
$this->setInterval(3600);
}

protected function run($argument): void {
$backend = new FailedUsersBackend($this->config);
$users = $backend->getUsers();

if (empty($users)) {
$this->logger->debug('No failed deleted users found.');
return;
}

foreach ($users as $userId) {
try {
$user = new User(
$userId,
$backend,
\OCP\Server::get(IEventDispatcher::class),
config: $this->config,
);
$user->delete();
$this->logger->info('Cleaned up deleted user {userId}', ['userId' => $userId]);
} catch (\Throwable $error) {
$this->logger->warning('Could not cleanup deleted user {userId}', ['userId' => $userId, 'exception' => $error]);
}
}
}
}
49 changes: 49 additions & 0 deletions lib/private/User/FailedUsersBackend.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
<?php

/**
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\User;

use OCP\IConfig;
use OCP\IUserBackend;
use OCP\User\Backend\IGetHomeBackend;

/**
* This is a "fake" backend for users that were deleted,
* but not properly removed from Nextcloud (e.g. an exception occurred).
* This backend is only needed because some APIs in user-deleted-events require a "real" user with backend.
*/
class FailedUsersBackend extends Backend implements IGetHomeBackend, IUserBackend {

public function __construct(
private IConfig $config,
) {
}

public function deleteUser($uid): bool
{
// fake true, deleting failed users is automatically handled by User::delete()
return true;
}

public function getBackendName(): string {
return 'deleted users';
}

public function userExists($uid)
{
return $this->config->getUserValue($uid, 'core', 'deleted') === 'true';
}

public function getHome(string $uid): string|false {
return $this->config->getUserValue($uid, 'core', 'deleted.backup-home') ?: false;
}

public function getUsers($search = '', $limit = null, $offset = null)
{
return $this->config->getUsersForUserValue('core', 'deleted', 'true');
}

}
Loading

0 comments on commit 6c21dc7

Please sign in to comment.