sync-cut: do not change user's email on OIDCAccount deletion (#63132)
This commit is contained in:
parent
7b4bdfab4c
commit
1fdb1285f7
|
@ -49,19 +49,10 @@ class Command(BaseCommand):
|
|||
resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
|
||||
resp.raise_for_status()
|
||||
unknown_uuids.extend(resp.json().get('unknown_uuids'))
|
||||
|
||||
deletion_ratio = len(unknown_uuids) / OIDCAccount.objects.filter(provider=cut_users).count()
|
||||
if deletion_ratio > 0.05: # higher than 5%, something definitely went wrong
|
||||
print(f'deletion ratio is abnormally high ({deletion_ratio}), aborting unkwown users deletion')
|
||||
|
||||
else:
|
||||
for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
|
||||
if verbose:
|
||||
print('disabling', account.user.email, account.user.ou)
|
||||
account.user.email = account.user.email + '.%s.invalid' % (
|
||||
datetime.datetime.now().strftime('%Y-%m-%dT%H-%M-%S')
|
||||
)
|
||||
account.user.save()
|
||||
OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
|
||||
|
||||
# update recently modified users
|
||||
|
|
|
@ -3,7 +3,7 @@ import uuid
|
|||
|
||||
import httmock
|
||||
import pytest
|
||||
import requests
|
||||
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.utils import crypto
|
||||
from authentic2_auth_oidc.models import OIDCAccount
|
||||
|
@ -11,13 +11,11 @@ from django.contrib.auth import get_user_model
|
|||
from django.core.management import call_command
|
||||
|
||||
|
||||
@pytest.mark.parametrize('deletion_number_and_validity', [(2, True), (5, True), (10, False)])
|
||||
@pytest.mark.parametrize('deletion_number,deletion_valid', [(2, True), (5, True), (10, False)])
|
||||
def test_user_synchronization_deletion_threshold(
|
||||
db, app, admin, settings, capsys, oidc_provider, deletion_number_and_validity
|
||||
db, app, admin, settings, capsys, oidc_provider, deletion_number, deletion_valid
|
||||
):
|
||||
User = get_user_model()
|
||||
deletion_number = deletion_number_and_validity[0]
|
||||
deletion_valid = deletion_number_and_validity[1]
|
||||
for i in range(100):
|
||||
user = User.objects.create(
|
||||
first_name='John%s' % i,
|
||||
|
@ -70,7 +68,6 @@ def test_user_synchronization_deletion_threshold(
|
|||
assert not err
|
||||
if deletion_valid:
|
||||
# existing users check
|
||||
assert out.count('disabling') == deletion_number
|
||||
assert OIDCAccount.objects.count() == 100 - deletion_number
|
||||
else:
|
||||
assert 'deletion ratio is abnormally high' in out
|
||||
|
|
Reference in New Issue