Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Symptom:
Create a user account.
Authenticate using oauth and allow access to the oauth client.
Request a refresh token.
Delete the user account.
Attempt to use the refresh token.
Result:
EntityMetadataWrapperException: Unable to get the data property name as the parent data structure is not set. in EntityStructureWrapper->getPropertyValue() (line 438 of /sites/all/modules/entity/includes/entity.wrapper.inc).
As long as clients continue to request refresh token for this token, it will throw exceptions.
Cause:
Exception stack trace points back to:
oauth2_server/Storage::getRefreshToken() line 203:
'user_id' => $token_wrapper->user->name->value(),
When a user account is deleted the rows in the oauth2_server_token table for that user still exit.
The token is fetched (successfully) from the database however the $token_wrapper->user is NULL because the user no longer exists. Exception thrown.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | oauth2_server-cancel-user-account-2258195-2.patch | 544 bytes | aaronaverill |
Comments
Comment #1
aaronaverill CreditAttribution: aaronaverill commentedFix for issue: delete token row associated with user when the user's account is canceled.
Comment #2
aaronaverill CreditAttribution: aaronaverill commentedComment #3
bojanz CreditAttribution: bojanz commentedWe need to use entity_delete() since tokens are entities.
Comment #4
pjcdawkins CreditAttribution: pjcdawkins at Centarro commentedI've committed a fix. Thanks @aaronaverill