fix: scope DestroyUser to only delete target user's pre-auth keys

DestroyUser called ListPreAuthKeys(tx) which returns ALL keys in the
database, then deleted every one of them. This caused deleting any
single user to wipe all pre-auth keys system-wide.

Fix: query only keys belonging to the user being deleted using
tx.Where("user_id = ?", uid).Find(&keys).

Fixes: https://github.com/juanfont/headscale/issues/3154
This commit is contained in:
Jacky
2026-04-05 14:24:01 +09:00
parent 97fa117c48
commit 78926fbde4
+2 -2
View File
@@ -58,8 +58,8 @@ func DestroyUser(tx *gorm.DB, uid types.UserID) error {
return ErrUserStillHasNodes
}
keys, err := ListPreAuthKeys(tx)
if err != nil {
var keys []types.PreAuthKey
if err := tx.Where("user_id = ?", uid).Find(&keys).Error; err != nil {
return err
}
for _, key := range keys {