Uninstall step 1

pkg_script.php

@@ -22,7 +22,9 @@ final class pkg_hydroraindropInstallerScript
     public function postflight($route, JAdapterInstance $adapter)
     {
         if (in_array($route, array('install', 'update', 'discover_install'))) {
-			$this->install($adapter);
+			return $this->install($adapter);
+		} else if ($route == 'uninstall') {
+			return $this->uninstall($adapter);
 		}
     }
 
@@ -43,5 +45,19 @@ public function install(JAdapterInstance $adapter)
 		$query->where($db->qn('folder') . ' = ' . $db->q('system'));
 		$db->setQuery($query);
 		$db->execute();
+		return true;
+	}
+
+	/**
+	 * Called on uninstallation
+	 *
+	 * @param   JAdapterInstance  $adapter  The object responsible for running this script
+	 *
+	 * @return  boolean  True on success
+	 */
+	public function uninstall(JAdapterInstance $adapter)
+    {
+
+		return true;
     }
 }

plg_twofactorauth_hydroraindrop/hydro-raindrop-token.php

@@ -85,4 +85,23 @@ public function unsetAccessToken()
 		$db->setQuery($query);
 		$db->execute();
 	}
+
+	/**
+	 * @param string|int $user_id
+	 * @return void
+	 */
+	public function unsetAccessTokenForUser($user_id)
+	{
+		$user = JFactory::getUser();
+		$db = JFactory::getDbo();
+		$query = $db->getQuery(true);
+		$conditions = array(
+			$db->quoteName('user_id') . ' = ' . $user_id,
+			$db->quoteName('profile_key') . ' = ' . $db->quote('profile.HydroRaindropToken')
+		);
+		$query->delete($db->quoteName('#__user_profiles'));
+		$query->where($conditions);
+		$db->setQuery($query);
+		$db->execute();
+	}
 }

plg_twofactorauth_hydroraindrop/hydroraindrop.php

@@ -377,6 +377,7 @@ public function onUserTwofactorApplyConfiguration($method)
 			return false;
 		}
 
+		$user_id = isset($rawData['id']) ? $rawData['id'] : $this->user->id;
 		$hydro_id = $data['hydro_id'];
 
 		if (!empty($hydro_id)) {
@@ -388,12 +389,13 @@ public function onUserTwofactorApplyConfiguration($method)
 			}
 
 			$model = new UsersModelUser;
-			$otp = $model->getOtpConfig($this->user->id);
+			$otp = $model->getOtpConfig($user_id);
 
 			try {
-				$this->client->registerUser($hydro_id);
+				// clean first
+				$this->clean(false, false, $user_id);
 
-				$this->clean();
+				$this->client->registerUser($hydro_id);
 
 				return (object)array(
 					'method' => 'hydroraindrop',
@@ -410,7 +412,7 @@ public function onUserTwofactorApplyConfiguration($method)
 				 * Edge case: A user tries to re-register with Hydro ID. If the user meta has been deleted, the
 				 *            user can re-use his Hydro ID but needs to verify it again.
 				 */
-				$this->clean();
+				$this->clean(false, false, $user_id);
 
 				return (object)array(
 					'method' => 'hydroraindrop',
@@ -421,7 +423,7 @@ public function onUserTwofactorApplyConfiguration($method)
 					'otep' => array()
 				);
 			} catch (RegisterUserFailed $e) {
-				$this->clean(true);
+				$this->clean(true, false, $user_id);
 				$this->enqueue($e->getMessage());
 			}
 		}
@@ -590,15 +592,17 @@ private function view_data($message, $error = null, $user_id = null)
 	 *
 	 * @param bool $session Clear the session data.
 	 * @param bool $logout Log the user out.
-	 * 
+	 * @param string $user_id If passed remove the token for user id.
 	 * @throws Exception When message could not be generated.
 	 */
-	private function clean(bool $session = false, bool $logout = false)
+	private function clean(bool $session = false, bool $logout = false, $user_id = null)
 	{
 		// check if the user in on the frontend
 		if (!$this->validConfig || !$this->app->isClient('site'))
 			return;
-		$this->token_storage->unsetAccessToken();
+		// remove the token
+		if ($user_id)
+			$this->token_storage->unsetAccessTokenForUser($user_id);
 		// remove the cookie
 		$this->app->input->cookie->set(self::COOKIE_NAME, '', strtotime('-1 day'), $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain'), $this->app->isSSLConnection());
 		if ($session)
@@ -632,7 +636,7 @@ private function need_unregister() {
 				} catch (UnregisterUserFailed $e) {
 					$this->enqueue($e->getMessage());
 				}
-				$this->clean(true);
+				$this->clean(true, false, $this->user->id);
 			}
 		}
 	}