server: Delete user collections when deleting account

The server when deleting an account didn't delete the collections that the user owned, but should have.

server/src/main/kotlin/dev/medzik/librepass/server/controllers/api/User.kt

@@ -3,10 +3,7 @@ package dev.medzik.librepass.server.controllers.api
 import dev.medzik.librepass.responses.ResponseError
 import dev.medzik.librepass.server.components.AuthorizedUser
 import dev.medzik.librepass.server.controllers.advice.InvalidTwoFactorCodeException
-import dev.medzik.librepass.server.database.CipherRepository
-import dev.medzik.librepass.server.database.TokenRepository
-import dev.medzik.librepass.server.database.UserRepository
-import dev.medzik.librepass.server.database.UserTable
+import dev.medzik.librepass.server.database.*
 import dev.medzik.librepass.server.utils.Response
 import dev.medzik.librepass.server.utils.ResponseHandler
 import dev.medzik.librepass.server.utils.Validator.validateSharedKey
@@ -28,7 +25,8 @@ class UserController
     constructor(
         private val userRepository: UserRepository,
         private val tokenRepository: TokenRepository,
-        private val cipherRepository: CipherRepository
+        private val cipherRepository: CipherRepository,
+        private val collectionRepository: CollectionRepository
     ) {
         @PatchMapping("/password")
         fun changePassword(
@@ -115,8 +113,9 @@ class UserController
             if (user.twoFactorEnabled && body.code != TOTP.getTOTPCode(user.twoFactorSecret!!))
                 throw InvalidTwoFactorCodeException()
 
-            tokenRepository.deleteAllByOwner(user.id)
+            collectionRepository.deleteAllByOwner(user.id)
             cipherRepository.deleteAllByOwner(user.id)
+            tokenRepository.deleteAllByOwner(user.id)
             userRepository.delete(user)
 
             return ResponseHandler.generateResponse(HttpStatus.OK)

server/src/main/kotlin/dev/medzik/librepass/server/database/CipherRepository.kt

@@ -57,7 +57,11 @@ interface CipherRepository : CrudRepository<CipherTable, UUID> {
         @Param("data") data: String
     )
 
-    /** Remove all tokens owned by the user */
+    /**
+     * Delete all tokens owned by the user.
+     *
+     * @param owner The user identifier.
+     */
     @Transactional
     @Modifying
     fun deleteAllByOwner(owner: UUID)

server/src/main/kotlin/dev/medzik/librepass/server/database/CollectionRepository.kt

@@ -1,5 +1,7 @@
 package dev.medzik.librepass.server.database
 
+import jakarta.transaction.Transactional
+import org.springframework.data.jpa.repository.Modifying
 import org.springframework.data.repository.CrudRepository
 import java.util.*
 
@@ -24,4 +26,13 @@ interface CollectionRepository : CrudRepository<CollectionTable, UUID> {
      * @return A list of all collections owned by the given user.
      */
     fun findAllByOwner(owner: UUID): List<CollectionTable>
+
+    /**
+     * Delete all collections owned by the user.
+     *
+     * @param owner The user identifier.
+     */
+    @Transactional
+    @Modifying
+    fun deleteAllByOwner(owner: UUID)
 }

server/src/main/kotlin/dev/medzik/librepass/server/database/TokenRepository.kt

@@ -14,7 +14,11 @@ interface TokenRepository : CrudRepository<TokenTable, String> {
     @Query("DELETE FROM #{#entityName} t WHERE t.lastUsed < :lastUsedBefore")
     fun deleteUnused(lastUsedBefore: Date)
 
-    /** Remove all tokens owned by the user */
+    /**
+     * Delete all tokens owned by the user.
+     *
+     * @param owner The user identifier.
+     */
     @Transactional
     @Modifying
     fun deleteAllByOwner(owner: UUID)