[10.0.10RC1] Deleting user doesn't delete them from external storages

[PVince81]

Steps to reproduce

1. Create four users "user1", "user2", "user3", "user4"
2. Allow users mounting external storages and limit it to only "SFTP"
3. Create an external storage "/sftp" applicable to all
4. Create a global external storage "/sftpuser4" applicable to "user1", "user2", "user4", "user3" (in that order, because why not)
5. Login as "user4"
6. Create a personal storage "/sftpdirect"
7. Check that all three storages are accessible
8. Login as admin
9. Delete user4
10. Navigate to storages settings page
11. Check database tables oc_external_*

Expected behaviour

• user4 disappeared from the applicable list fo "/sftpuser4"
• database contains no trace of "/sftpuser4"
• database contains no applicable entries for "user4"

Actual behaviour

• user4 disappeared in the web UI but is present in database:

MariaDB [owncloudtest]> select * from oc_external_applicable;
+---------------+----------+------+-------+
| applicable_id | mount_id | type | value |
+---------------+----------+------+-------+
|             1 |        1 |    1 | NULL  |
|             3 |        2 |    3 | user1 |
|             4 |        2 |    3 | user2 |
|             5 |        2 |    3 | user3 |
|             6 |        3 |    3 | user4 |
+---------------+----------+------+-------+
5 rows in set (0.01 sec)

• database still contains the mount:

MariaDB [owncloudtest]> select * from oc_external_mounts;
+----------+------------------+-----------------+--------------------+----------+------+
| mount_id | mount_point      | storage_backend | auth_backend       | priority | type |
+----------+------------------+-----------------+--------------------+----------+------+
|        1 | /sftp            | sftp            | password::password |      100 |    1 |
|        2 | /sftpuser4       | sftp            | password::password |      100 |    1 |
|        3 | /sftpuser4direct | sftp            | password::password |      100 |    2 |
+----------+------------------+-----------------+--------------------+----------+------+

Server configuration

ownCloud 10.0.10 RC1
openSUSE Tumbleweed 20180731
php7-7.2.7-1.4.x86_64

Logs

Nothing relevant since the moment I accessed some files on the storage when testing:

{"reqId":"VRyjj0SY1prlOZXeRHwb","level":0,"time":"2018-09-07T10:14:19+00:00","remoteAddr":"127.0.0.1","user":"--","app":"webdav","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180518_201208.jpg?c=5b924ef680a6c&x=32&y=32&forceIcon=0&preview=1","message":"Exception: HTTP\/1.1 401 No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured: {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Message\":\"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/apps\\\/dav\\\/lib\\\/Server.php(298): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#6 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/remote.php(165): require_once('\\\/srv\\\/www\\\/htdocs...')\\n#7 {main}\",\"File\":\"\\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":168}"}
{"reqId":"u2OkDQ5YjLwvVa1QrZHQ","level":0,"time":"2018-09-07T10:14:19+00:00","remoteAddr":"127.0.0.1","user":"--","app":"webdav","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180521_140435.jpg?c=5b924ef6820f0&x=32&y=32&forceIcon=0&preview=1","message":"Exception: HTTP\/1.1 401 No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured: {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Message\":\"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/apps\\\/dav\\\/lib\\\/Server.php(298): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#6 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/remote.php(165): require_once('\\\/srv\\\/www\\\/htdocs...')\\n#7 {main}\",\"File\":\"\\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":168}"}
{"reqId":"i6zSZ6z6I4I9bWb8dDtz","level":0,"time":"2018-09-07T10:14:19+00:00","remoteAddr":"127.0.0.1","user":"user4","app":"core","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180502_141728.jpg?c=5b924ef678fb9&x=32&y=32&forceIcon=0&preview=1","message":"OC_Image->fixOrientation() Image is not a JPEG."}
{"reqId":"i6zSZ6z6I4I9bWb8dDtz","level":0,"time":"2018-09-07T10:14:19+00:00","remoteAddr":"127.0.0.1","user":"user4","app":"core","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180502_141728.jpg?c=5b924ef678fb9&x=32&y=32&forceIcon=0&preview=1","message":"OC_Image->fixOrientation() Orientation: -1"}
{"reqId":"IzsS1q1fUu8ZpVd99ZsP","level":0,"time":"2018-09-07T10:14:20+00:00","remoteAddr":"127.0.0.1","user":"user4","app":"core","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180502_141717.jpg?c=5b924ef676d6d&x=32&y=32&forceIcon=0&preview=1","message":"OC_Image->fixOrientation() Image is not a JPEG."}
{"reqId":"IzsS1q1fUu8ZpVd99ZsP","level":0,"time":"2018-09-07T10:14:20+00:00","remoteAddr":"127.0.0.1","user":"user4","app":"core","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180502_141717.jpg?c=5b924ef676d6d&x=32&y=32&forceIcon=0&preview=1","message":"OC_Image->fixOrientation() Orientation: -1"}
{"reqId":"bemYOnIPrG8yWp7zymQI","level":0,"time":"2018-09-07T10:14:20+00:00","remoteAddr":"127.0.0.1","user":"user4","app":"core","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180516_174802.jpg?c=5b924ef67ec72&x=32&y=32&forceIcon=0&preview=1","message":"OC_Image->fixOrientation() Image is not a JPEG."}
{"reqId":"bemYOnIPrG8yWp7zymQI","level":0,"time":"2018-09-07T10:14:20+00:00","remoteAddr":"127.0.0.1","user":"user4","app":"core","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180516_174802.jpg?c=5b924ef67ec72&x=32&y=32&forceIcon=0&preview=1","message":"OC_Image->fixOrientation() Orientation: -1"}
{"reqId":"tuUx0CWOSKrtvRVpAIEd","level":0,"time":"2018-09-07T10:14:21+00:00","remoteAddr":"127.0.0.1","user":"--","app":"webdav","method":"GET","url":"\/owncloudtest\/remote.php\/dav\/files\/user4\/sftp\/20180521_140946.jpg?c=5b924ef683809&x=32&y=32&forceIcon=0&preview=1","message":"Exception: HTTP\/1.1 401 No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured: {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Message\":\"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/apps\\\/dav\\\/lib\\\/Server.php(298): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#6 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/remote.php(165): require_once('\\\/srv\\\/www\\\/htdocs...')\\n#7 {main}\",\"File\":\"\\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":168}"}
{"reqId":"1WdgNHkAkA2rm2AOMz4i","level":0,"time":"2018-09-07T10:14:39+00:00","remoteAddr":"127.0.0.1","user":"--","app":"no app in context","method":"POST","url":"\/owncloudtest\/index.php\/login","message":"CSRF check failed"}
{"reqId":"YF7ppCdVslDeELsKQA0p","level":0,"time":"2018-09-07T10:14:42+00:00","remoteAddr":"127.0.0.1","user":"--","app":"OC\\User\\Session::login","method":"POST","url":"\/owncloudtest\/index.php\/login","message":"regenerating session id for uid admin, password set"}
{"reqId":"G9KaBZAruJIy54Zlv6HR","level":3,"time":"2018-09-07T10:14:50+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"PHP","method":"GET","url":"\/owncloudtest\/index.php\/settings\/users","message":"Undefined index: add_password at \/srv\/www\/htdocs\/owncloudtest\/settings\/templates\/users\/main.php#85"}

@sharidas

[PVince81]

I did check that the user was deleted in oc_users

[ownclouders]

GitMate.io thinks the contributor most likely able to help you is @ownclouders.

Possibly related issues are #27274 (delete), #26936 (Alternative key storage location doesn't delete all keys after deleting user), #13557 (Delete file on non-local storage does not properly delete file), #20750 (Can't delete folder on external SMB storage), and #16533 (Can't delete multiple files on external storage).

[PVince81]

@sharidas were you able to reproduce this ?

Looking at your results in #32655 it seems that the removal in "applicable" already worked for you. Please confirm, on stable10.

[sharidas]

Yes I was able to reproduce this issue.

[PVince81]

the unit test here https://github.com/owncloud/core/pull/32069/files#diff-31407757e5ad52b7e7c4a81530bb4113R162 seems to validate that the user was removed from the "applicable" array, so not sure why it's not working now