PMC-383

gulliver/system/class.rbac.php

@@ -841,15 +841,18 @@ class RBAC
      */
     public static function destroySessionUser($usrUid)
     {
+        //remove all register of tables related to the token
+        (new OauthAccessTokens())->removeByUser($usrUid);
+        (new OauthRefreshTokens())->removeByUser($usrUid);
+        (new PmoauthUserAccessTokens())->removeByUser($usrUid);
+        (new OauthAuthorizationCodes())->removeByUser($usrUid);
+
         $loginLog = new LoginLog();
         $sessionId = $loginLog->getSessionsIdByUser($usrUid);
         if ($sessionId) {
             //remove all login log row's of LOGIN_LOG table
             $loginLog->removeByUser($usrUid);
             //remove all register of tables
-            (new OauthAccessTokens())->removeByUser($usrUid);
-            (new OauthRefreshTokens())->removeByUser($usrUid);
-            (new OauthAuthorizationCodes())->removeByUser($usrUid);
             (new Session())->removeByUser($usrUid);
 
             // 1. commit session if it's started.

workflow/engine/classes/model/PmoauthUserAccessTokens.php

@@ -29,4 +29,20 @@ class PmoauthUserAccessTokens extends BasePmoauthUserAccessTokens
 
         return (is_array($result) && empty($result)) ? false : $result[0];
     }
+
+    /**
+     * Delete all records related to a user uid
+     *
+     * @param string $userUid User uid
+     *
+     * @return int
+     */
+    public function removeByUser($userUid)
+    {
+        $criteria = new Criteria();
+        $criteria->add(PmoauthUserAccessTokensPeer::USER_ID, $userUid);
+        $resultSet = PmoauthUserAccessTokensPeer::doDelete($criteria);
+
+        return $resultSet;
+    }
 } // PmoauthUserAccessTokens