CRITICAL: Incomplete user deletion - orphaned data risk #70
Bug Description
The DELETE /api/admin/users/:id route (routes/admin.js:317-325) only explicitly deletes from 4 tables: import_sessions, import_history, sessions, and users. It then relies on ON DELETE CASCADE foreign keys to clean up the remaining 25+ tables.
The problem: the code manually deletes import_sessions and import_history BEFORE deleting the user row. If foreign_keys pragma is ever disabled (e.g., during migration, or in a test environment), the cascade won't fire, leaving orphaned data across bills, payments, categories, transactions, monthly_bill_state, bill_history_ranges, bill_templates, data_sources, financial_accounts, and more.
Even with foreign_keys ON, the explicit deletes before the user delete are redundant and potentially confusing -- the cascade would handle those anyway.
Affected Code
routes/admin.js:317-325
db.transaction(() => {
  db.prepare("DELETE FROM import_sessions WHERE user_id = ?").run(user.id);
  db.prepare("DELETE FROM import_history WHERE user_id = ?").run(user.id);
  db.prepare("DELETE FROM sessions WHERE user_id = ?").run(user.id);
  db.prepare("DELETE FROM users WHERE id = ?").run(user.id);
});
Impact
If PRAGMA foreign_keys is ever OFF, user deletion leaves orphaned data across the entire database. This could leak data across user boundaries or cause referential integrity errors.
Recommended Fix
closed v0.34.2.1
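The failure mode described in this issue, reproduced as an added example that is not BillTracker's code: it uses Python's built-in sqlite3 module to show the SQLite behaviour, with a constructed two-table schema in which `bills` stands in for the dependent tables. The helper names (`make_db`, `orphans`, `delete_user_trusting_cascade`, `delete_user_checked`) are hypothetical; the checked variant refuses to run when `PRAGMA foreign_keys` is off and verifies the result with `PRAGMA foreign_key_check`.

```python
import sqlite3

# Constructed schema: "bills" stands in for the 25+ tables that reference users.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE bills (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    label TEXT
);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
INSERT INTO bills VALUES (10, 1, 'rent'), (11, 1, 'power'), (12, 2, 'water');
"""

def make_db(foreign_keys):
    """In-memory database with constructed sample rows (hypothetical helper)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    # The pragma is per connection and must be set outside a transaction.
    conn.execute("PRAGMA foreign_keys = " + ("ON" if foreign_keys else "OFF"))
    conn.executescript(SCHEMA)
    return conn

def orphans(conn):
    """Rows whose parent is missing, as (table, rowid, parent, fk index)."""
    return conn.execute("PRAGMA foreign_key_check").fetchall()

def delete_user_trusting_cascade(conn, user_id):
    """Deletes only the users row and assumes ON DELETE CASCADE does the rest."""
    conn.execute("DELETE FROM users WHERE id = ?", (user_id,))

def delete_user_checked(conn, user_id):
    """Refuses to run with enforcement off; rolls back if any orphan remains."""
    if conn.execute("PRAGMA foreign_keys").fetchone()[0] != 1:
        raise RuntimeError("PRAGMA foreign_keys is OFF; cascade would not fire")
    conn.execute("BEGIN")
    try:
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
        if orphans(conn):
            raise RuntimeError("orphaned rows remain after delete")
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise

if __name__ == "__main__":
    off = make_db(foreign_keys=False)
    delete_user_trusting_cascade(off, 1)
    print("foreign_keys OFF ->", orphans(off))
    on = make_db(foreign_keys=True)
    delete_user_checked(on, 1)
    print("foreign_keys ON  ->", orphans(on))
```

`PRAGMA foreign_key_check` reports violations whether or not enforcement is enabled, so it can also be run after a migration or in tests to detect orphans left by an earlier delete.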