Skip to content

Can't purge projects that have project oauth clients#4807

Merged
stuartc merged 3 commits into
mainfrom
fix/project-oauth-client-cleanup-on-delete
May 28, 2026
Merged

Can't purge projects that have project oauth clients#4807
stuartc merged 3 commits into
mainfrom
fix/project-oauth-client-cleanup-on-delete

Conversation

@stuartc
Copy link
Copy Markdown
Member

@stuartc stuartc commented May 28, 2026

Description

The project_oauth_clients FK on projects was created with the default
on_delete: :nothing, and ProjectHook.handle_delete_project/1 never deleted
the join rows before calling Repo.delete(project). So any project that has
an OAuth client attached fails to purge — the scheduled purge_deleted Oban
job crashes with a project_oauth_clients_project_id_fkey constraint error
and the project is stuck in the soft-deleted state forever.

Fix is straightforward: clean up the join rows alongside the other
project-scoped deletes in ProjectHook.handle_delete_project/1. The OAuth
client itself is not project-scoped so it's left alone.

Drive-by: also includes a small fix for a flaky InstallAdaptorIconsTest
where Mix.shell wasn't being restored between tests.

Validation steps

  1. New regression test in test/lightning/projects_test.exs covers it —
    insert a project with a project_oauth_client, delete the project,
    assert the join row is gone and the OAuth client survives.
  2. mix test test/lightning/projects_test.exs — all green.

AI Usage

  • I have used Claude Code
  • I have used another model
  • I have not used AI

You can read more details in our
Responsible AI Policy

Pre-submission checklist

  • I have performed an AI review of my code (we recommend using /review
    with Claude Code)
  • I have implemented and tested all related authorization policies.
    (e.g., :owner, :admin, :editor, :viewer)
  • I have updated the changelog.
  • I have ticked a box in "AI usage" in this PR

stuartc added 2 commits May 28, 2026 19:56
@stuartc
Restore Mix.shell after InstallAdaptorIconsTest
919bb3e 
The test set Mix.shell(Mix.Shell.Process) in setup without restoring it.
Mix.shell/1 is global VM state, so once this test ran the override leaked
into every subsequent test for the rest of the suite. When seed-based test
ordering interleaved an icons test before InstallSchemasTest's tally
assertion, Mix.shell().info(...) sent a message instead of writing to
stdout and capture_io got "" — surfacing as an intermittent failure.

Snapshot Mix.shell() before the override and restore it in on_exit.
@stuartc
Cascade-delete project_oauth_clients on project purge
0367cc4 
The project_oauth_clients FK was created with the default `on_delete: :nothing`,
and `ProjectHook.handle_delete_project/1` didn't remove the join rows before
`Repo.delete(project)`. Any soft-deleted project with an associated OAuth client
crashed the daily purge_deleted Oban job with `project_oauth_clients_project_id_fkey`.

Add `project_oauth_clients_query/1` and clean those rows alongside the other
project-scoped deletes. The OAuth client itself is not project-scoped and is
left intact.
@github-project-automation github-project-automation Bot moved this to New Issues in Core May 28, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

Security Review ✅

  • S0 (project scoping): New project_oauth_clients_query/1 in lib/lightning/projects.ex:834-836 filters ProjectOauthClient by project_id, matching sibling queries (project_credentials_query, project_users_query); only called from the internal purge hook with the already-resolved project.
  • S1 (authorization): N/A — no new web-layer actions; the purge cascade in lib/lightning/extensions/project_hook.ex:35 runs inside the already-gated handle_delete_project flow.
  • S2 (audit trail): N/A — this is a cascade cleanup during project purge, consistent with the surrounding Repo.delete_all calls in the same function which also do not emit per-row audit events.

@stuartc stuartc merged commit 4e910ec into main May 28, 2026
5 checks passed
@stuartc stuartc deleted the fix/project-oauth-client-cleanup-on-delete branch May 28, 2026 18:13
@github-project-automation github-project-automation Bot moved this from New Issues to Done in Core May 28, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.3%. Comparing base (23faa31) to head (86feb12).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##            main   #4807     +/-   ##
=======================================
- Coverage   90.3%   90.3%   -0.0%     
=======================================
  Files        442     442             
  Lines      22541   22543      +2     
=======================================
- Hits       20350   20347      -3     
- Misses      2191    2196      +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@stuartc stuartc changed the title Cascade-delete project_oauth_clients on project purge Can't purge projects that have project oauth clients May 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Core
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stuartc