fix: clean up WebAuthn credentials when Test API deletes a user

devondragon · devondragon · commit 2aa2910a80f0 · 2026-06-11T20:50:13.000-06:00
Deleting a user with registered passkeys failed on the user_entities foreign
key. Publish UserPreDeleteEvent so the framework's WebAuthnPreDeleteEventListener
removes the credentials and user entity first, same as the normal deletion flow.
diff --git a/src/main/java/com/digitalsanctuary/spring/demo/test/api/TestDataController.java b/src/main/java/com/digitalsanctuary/spring/demo/test/api/TestDataController.java
@@ -6,6 +6,7 @@
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -19,6 +20,7 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import com.digitalsanctuary.spring.demo.user.profile.DemoUserProfileRepository;
+import com.digitalsanctuary.spring.user.event.UserPreDeleteEvent;
 import com.digitalsanctuary.spring.user.persistence.model.PasswordResetToken;
 import com.digitalsanctuary.spring.user.persistence.model.Role;
 import com.digitalsanctuary.spring.user.persistence.model.User;
@@ -50,6 +52,7 @@ public class TestDataController {
     private final RoleRepository roleRepository;
     private final PasswordEncoder passwordEncoder;
     private final DemoUserProfileRepository demoUserProfileRepository;
+    private final ApplicationEventPublisher eventPublisher;
 
     /**
      * Check if a user exists by email.
@@ -231,6 +234,10 @@ public ResponseEntity<Map<String, Object>> deleteTestUser(@RequestParam String e
             return ResponseEntity.status(HttpStatus.NOT_FOUND).body(response);
         }
 
+        // Let framework listeners clean up their data first (e.g. WebAuthn credentials and user
+        // entities, which have a foreign key on the user account)
+        eventPublisher.publishEvent(new UserPreDeleteEvent(this, user));
+
         // Delete related entities first to avoid foreign key constraints
         demoUserProfileRepository.findById(user.getId()).ifPresent(demoUserProfileRepository::delete);
 
