sync-cut: do not change user's email on OIDCAccount deletion (#63132)

2022-03-24 08:44:23 +01:00 · 2022-03-24 08:44:23 +01:00 · 1fdb1285f7
parent 7b4bdfab4c
commit 1fdb1285f7
2 changed files with 3 additions and 15 deletions
--- a/src/authentic2_gnm/management/commands/sync-cut.py
+++ b/src/authentic2_gnm/management/commands/sync-cut.py
@ -49,19 +49,10 @@ class Command(BaseCommand):
            resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
            resp.raise_for_status()
            unknown_uuids.extend(resp.json().get('unknown_uuids'))
-
        deletion_ratio = len(unknown_uuids) / OIDCAccount.objects.filter(provider=cut_users).count()
        if deletion_ratio > 0.05:  # higher than 5%, something definitely went wrong
            print(f'deletion ratio is abnormally high ({deletion_ratio}), aborting unkwown users deletion')
-
        else:
-            for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
-                if verbose:
-                    print('disabling', account.user.email, account.user.ou)
-                account.user.email = account.user.email + '.%s.invalid' % (
-                    datetime.datetime.now().strftime('%Y-%m-%dT%H-%M-%S')
-                )
-                account.user.save()
            OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()

        # update recently modified users
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@ -3,7 +3,7 @@ import uuid

 import httmock
 import pytest
-import requests
+
 from authentic2.a2_rbac.utils import get_default_ou
 from authentic2.utils import crypto
 from authentic2_auth_oidc.models import OIDCAccount
@ -11,13 +11,11 @@ from django.contrib.auth import get_user_model
 from django.core.management import call_command


-@pytest.mark.parametrize('deletion_number_and_validity', [(2, True), (5, True), (10, False)])
+@pytest.mark.parametrize('deletion_number,deletion_valid', [(2, True), (5, True), (10, False)])
 def test_user_synchronization_deletion_threshold(
-    db, app, admin, settings, capsys, oidc_provider, deletion_number_and_validity
+    db, app, admin, settings, capsys, oidc_provider, deletion_number, deletion_valid
 ):
    User = get_user_model()
-    deletion_number = deletion_number_and_validity[0]
-    deletion_valid = deletion_number_and_validity[1]
    for i in range(100):
        user = User.objects.create(
            first_name='John%s' % i,
@ -70,7 +68,6 @@ def test_user_synchronization_deletion_threshold(
            assert not err
            if deletion_valid:
                # existing users check
-                assert out.count('disabling') == deletion_number
                assert OIDCAccount.objects.count() == 100 - deletion_number
            else:
                assert 'deletion ratio is abnormally high' in out