Security: Contracts available through user_id only.

Open feefladder opened this issue 2 years ago • 4 comments

Is your feature request related to a problem? Please describe.

If you delete your Nextcloud account and someone else creates an account with the same username, all contracts the previous user has signed show up in LibreSign as if signed by the new user. This is a security risk.

Describe the solution you'd like

All data related to a user should be deleted when they delete their user account (right to be forgotten). Set the 'user_id' to be a foreign key of the 'users' table with 'onDelete' => 'CASCADE'.

Describe alternatives you've considered

I don't know, maybe some hooks on when a user is deleted or something.

Additional context

I'm testing LibreSign to enhance data sharing as the only FOSS contracting/licensing solution I could find.

feefladder avatar Oct 19 '23 13:10 feefladder

Will be fixed in the next version. Thanks for your issue.

vitormattos avatar Oct 25 '23 11:10 vitormattos

Maybe a possible problem with using logic like cascade is that it will delete all files that a user signed.

Maybe it will be necessary to add random chars in the LibreSign table and concatenate them to the uid in the LibreSign tables. I don't know what Nextcloud does in other cases, for example when a user posts a comment on a file or creates a card on Deck or anything else. It will be necessary to check what the best approach will be.

vitormattos avatar Oct 26 '23 16:10 vitormattos

Hmm, I thought such a logic would comply with "the right to be forgotten"? Then also, there would be reasons to keep such contracts, for example if a dispute should arrive after a user has left the Nextcloud. All I could find in other cases is that there is no foreign key constraint made, but user data does get deleted when a user is deleted in some unknown-to-me way.

feefladder avatar Nov 01 '23 15:11 feefladder

> there would be reasons to keep such contracts, for example if a dispute should arrive after a user has left the Nextcloud

This is a very important point. The signed files can't be deleted. They will only be deleted when the owner of the file is the account that will be deleted, because the file is stored in the account's file folder. If the signed file is inside a group folder or in a shared folder, it won't be deleted and will trigger this issue.

We will need to think more about this to identify a way to solve this issue.

Maybe a possible solution would be to not associate the file directly with the Nextcloud account. I think that this will make it possible to delete the association between the person that will sign the file and the Nextcloud account associated with this person when an account is deleted.

I'm working to implement the following issue:

  • https://github.com/LibreSign/libresign/issues/1921

As you can see, there is a database diagram at the bottom left, and I think that this table structure will solve the problem.

This will be a lot of work and I will need help to do this, as you can see here:

  • https://github.com/LibreSign/libresign/issues/1959

vitormattos avatar Nov 18 '23 14:11 vitormattos
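A minimal model of the behaviour reported in this issue and of the decoupling idea from the comment above, as an added example that is not LibreSign's code: the schema, table names and function names are hypothetical and the data is constructed. A lookup keyed on the username alone attributes the old contract to the new account, while a separate signer record that a deletion hook detaches keeps the contract without attributing it to anyone new.

```python
import sqlite3
import uuid

def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts   (uid TEXT PRIMARY KEY);
        -- signer: a stable identity that outlives the account (hypothetical)
        CREATE TABLE signers    (signer_id TEXT PRIMARY KEY, uid TEXT);
        CREATE TABLE signatures (file TEXT, uid TEXT, signer_id TEXT);
    """)
    return db

def create_account(db, uid):
    db.execute("INSERT INTO accounts VALUES (?)", (uid,))

def sign(db, uid, file):
    row = db.execute("SELECT signer_id FROM signers WHERE uid = ?", (uid,)).fetchone()
    signer_id = row[0] if row else uuid.uuid4().hex
    if row is None:  # first signature of this live account
        db.execute("INSERT INTO signers VALUES (?, ?)", (signer_id, uid))
    db.execute("INSERT INTO signatures VALUES (?, ?, ?)", (file, uid, signer_id))

def delete_account(db, uid):
    # Deletion hook: the signed record stays (disputes), the account link goes.
    db.execute("DELETE FROM accounts WHERE uid = ?", (uid,))
    db.execute("UPDATE signers SET uid = NULL WHERE uid = ?", (uid,))

def signed_by_uid(db, uid):
    # Reported behaviour: contracts are found through the username only.
    q = "SELECT file FROM signatures WHERE uid = ? ORDER BY file"
    return [r[0] for r in db.execute(q, (uid,))]

def signed_by_signer(db, uid):
    # Decoupled lookup: only signers still linked to a live account match.
    q = """SELECT s.file FROM signatures s
           JOIN signers p ON p.signer_id = s.signer_id
           WHERE p.uid = ? ORDER BY s.file"""
    return [r[0] for r in db.execute(q, (uid,))]

def demo():
    db = setup()
    create_account(db, "alice")
    sign(db, "alice", "contract.pdf")   # constructed sample data
    delete_account(db, "alice")
    create_account(db, "alice")         # a different person, same username
    sign(db, "alice", "nda.pdf")
    total = db.execute("SELECT COUNT(*) FROM signatures").fetchone()[0]
    return signed_by_uid(db, "alice"), signed_by_signer(db, "alice"), total

if __name__ == "__main__":
    print(demo())
```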

Could you check again with the newest release of LibreSign?

I made a lot of improvements.

Closing this issue as solved.

If this issue persists, don't hesitate to open a new issue making reference to this.

vitormattos avatar Jun 27 '24 03:06 vitormattos