sync-cut: defederate and invalidate email of deleted accounts (#25178)

2018-07-10 12:03:05 +02:00 · 2018-07-10 12:03:05 +02:00 · dd9e9977ae
parent 674354c12c
commit dd9e9977ae
1 changed files with 22 additions and 0 deletions
--- a/src/authentic2_gnm/management/commands/sync-cut.py
+++ b/src/authentic2_gnm/management/commands/sync-cut.py
@ -34,6 +34,28 @@ class Command(BaseCommand):

        verbose = int(options['verbosity']) > 0

+        # check all existing users
+        def chunks(l, n):
+            for i in range(0, len(l), n):
+                yield l[i:i + n]
+
+        url = settings.CUT_API_BASE_URL + 'users/synchronization/'
+        for provider in OIDCProvider.objects.all():
+            unknown_uuids = []
+            auth = (provider.client_id, provider.client_secret)
+            for accounts in chunks(OIDCAccount.objects.filter(provider=provider), 100):
+                subs = [x.sub for x in accounts]
+                resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
+                unknown_uuids.extend(resp.json().get('unknown_uuids'))
+
+            for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
+                if verbose:
+                    print 'disabling', account.user.email, account.user.ou
+                account.user.email = account.user.email + '.invalid'
+                account.user.save()
+            OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
+
+        # get new agents
        cut_agents = OIDCProvider.objects.get(name='cut-agents')

        ou_mapping = settings.CUT_GNM_OU_MAPPING