Remove users refresh tokens when the user get's deactivated (#159443)

2026-03-21 05:06:13 +01:00 · 2025-12-19 15:50:47 +01:00
parent 43e9c24c18
commit 4a464f601c
2 changed files with 22 additions and 0 deletions
--- a/homeassistant/auth/init.py
+++ b/homeassistant/auth/init.py
@@ -402,6 +402,8 @@ class AuthManager:
        if user.is_owner:
            raise ValueError("Unable to deactivate the owner")
        await self._store.async_deactivate_user(user)
+        for refresh_token in list(user.refresh_tokens.values()):
+            self.async_remove_refresh_token(refresh_token)

    async def async_remove_credentials(self, credentials: models.Credentials) -> None:
        """Remove credentials."""