ldap: deactivate orphaned users of old sources (#52924)

2021-04-09 18:53:43 +02:00 · 2021-04-09 18:53:43 +02:00 · 318c709f24
parent 4fca92f547
commit 318c709f24
2 changed files with 14 additions and 0 deletions
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@ -1511,6 +1511,10 @@ class LDAPBackend(object):
                external_id__in=eids, user__is_active=True, source=block['realm']
            ):
                eid.user.mark_as_inactive()
+        # Handle users of old sources
+        uei_qs = UserExternalId.objects.exclude(source__in=[block['realm'] for block in cls.get_config()])
+        for user in User.objects.filter(userexternalid__in=uei_qs):
+            user.mark_as_inactive()

    @classmethod
    def ad_encoding(cls, s):
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@ -258,6 +258,16 @@ def test_deactivate_orphaned_users(slapd, settings, client, db):
        ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 1
    )

+    # rename source realm
+    settings.LDAP_AUTH_SETTINGS = [
+        {'url': [slapd.ldap_url], 'basedn': 'o=ôrga', 'use_tls': False, 'realm': 'test'}
+    ]
+
+    ldap_backend.LDAPBackend.deactivate_orphaned_users()
+    assert (
+        ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 6
+    )
+

@pytest.mark.django_db
 def test_simple_with_binddn(slapd, settings, client):