misc: clean LDAP accounts of deleted users (#48168)

Benjamin Dauvergne 2020-11-02 14:48:13 +01:00
parent 5ece3924bf
commit 9dea38f1b4
2 changed files with 37 additions and 3 deletions


@ -28,7 +28,7 @@ from django.utils import timezone
from django.contrib.auth.models import BaseUserManager
from authentic2 import app_settings
from authentic2.models import Attribute, AttributeValue
from authentic2.models import Attribute, AttributeValue, UserExternalId
from authentic2.utils.lookups import Unaccent, ImmutableConcat
@ -136,6 +136,18 @@ class UserQuerySet(models.QuerySet):
deleted_user.old_email = user.email.rsplit('#', 1)[0]
if 'uuid' in app_settings.A2_USER_DELETED_KEEP_DATA:
deleted_user.old_uuid = user.uuid
# save LDAP account references
external_ids = UserExternalId.objects.filter(user=user).order_by('id')
if external_ids.exists():
deleted_user.old_data = {'external_ids': []}
for external_id in external_ids:
deleted_user.old_data['external_ids'].append(
{
'source': external_id.source,
'external_id': external_id.external_id,
}
)
external_ids.delete()
deleted_user.save()
qs.delete()
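Review bot: The LDAP references are copied into `deleted_user.old_data` unconditionally, whereas the e-mail and uuid just above are only kept when listed in `app_settings.A2_USER_DELETED_KEEP_DATA`; `source` and `external_id` still identify the person in the directory, so they are retained personal data too. If keeping them is required for the later LDAP cleanup, as the commit title suggests, the comment should say so, e.g. `# kept regardless of A2_USER_DELETED_KEEP_DATA: needed to clean the matching LDAP accounts`. The assignment `deleted_user.old_data = {'external_ids': []}` also replaces the whole dict, so anything stored in `old_data` earlier (outside this hunk, if at all) would be lost; setting only the `external_ids` key would avoid that. The enclosing method starts and ends outside the hunk, so whether `external_ids.delete()`, `deleted_user.save()` and `qs.delete()` run in one transaction cannot be checked from here.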


@ -20,9 +20,10 @@ import datetime
from django.core.exceptions import ValidationError
from django.core import management
from django.utils.timezone import now
from authentic2.custom_user.models import User
from authentic2.models import Attribute, AttributeValue
from authentic2.custom_user.models import User, DeletedUser
from authentic2.models import Attribute, AttributeValue, UserExternalId
def test_user_clean_username(db, settings):
@ -236,3 +237,24 @@ def test_attribute_values_order(db):
val1, val2 = attribute_values[:2]
assert val1.attribute.label == 'phone'
assert val2.attribute.label == 'birthdate'
def test_save_userexternalid_on_delete_user(db):
user = User.objects.create()
UserExternalId.objects.create(user=user, source='ldap1', external_id='1234')
UserExternalId.objects.create(user=user, source='ldap2', external_id='4567')
user.mark_as_deleted()
User.objects.cleanup(threshold=0, timestamp=now() + datetime.timedelta(seconds=1))
assert UserExternalId.objects.count() == 0
deleted_user = DeletedUser.objects.get()
assert deleted_user.old_data.get('external_ids') == [
{
'source': 'ldap1',
'external_id': '1234',
},
{
'source': 'ldap2',
'external_id': '4567',
}
]
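Review bot: `assert UserExternalId.objects.count() == 0` in `test_save_userexternalid_on_delete_user` would still pass if the cleanup deleted every `UserExternalId` row, because the only rows in the database belong to the deleted user. A second, live user with its own external id would pin the scope of the delete, e.g. `UserExternalId.objects.create(user=other_user, source='ldap1', external_id='9999')` before the cleanup and `assert UserExternalId.objects.filter(user=other_user).count() == 1` after it, with the global count assertion narrowed to `filter(user=user)`. A case for a deleted user with no external ids, checking that `old_data` is left as it was, is also missing.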