clean-unused-account: also delete never-logged-in users (#74890)

2023-02-27 12:29:14 +01:00 · 2023-02-27 12:29:14 +01:00 · 3a6aa92e56
parent 575cf199e6
commit 3a6aa92e56
2 changed files with 36 additions and 3 deletions
--- a/src/authentic2/management/commands/clean-unused-accounts.py
+++ b/src/authentic2/management/commands/clean-unused-accounts.py
@ -94,7 +94,10 @@ class Command(BaseCommand):
            active_users.update(last_account_deletion_alert=None)

            inactive_users = ou_users.filter(
-                Q(last_login__lte=self.now - alert_delay)
+                (
+                    Q(last_login__lte=self.now - alert_delay)
+                    | (Q(last_login__isnull=True) & Q(date_joined__lte=self.now - alert_delay))
+                )
                & (Q(keepalive__isnull=True) | Q(keepalive__lte=self.now - alert_delay))
            )

@ -106,9 +109,12 @@ class Command(BaseCommand):
                self.send_alert(user, days_to_deletion=days_to_deletion, days_of_inactivity=alert_delay.days)

            inactive_users_to_delete = inactive_users.filter(
-                last_login__lte=self.now - deletion_delay,
+                (
+                    Q(last_login__lte=self.now - deletion_delay)
+                    | Q(last_login__isnull=True) & Q(date_joined__lte=self.now - deletion_delay)
+                )
                # ensure respect of alert delay before deletion
-                last_account_deletion_alert__lte=self.now - (deletion_delay - alert_delay),
+                & Q(last_account_deletion_alert__lte=self.now - (deletion_delay - alert_delay))
            )
            for user in inactive_users_to_delete[:count]:
                logger.info(
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@ -155,6 +155,33 @@ def test_clean_unused_account_keepalive(app, db, simple_user, mailoutbox, freeze
    assert len(mailoutbox) == 0


+def test_clean_unused_account_never_logged_in(app, db, simple_user, mailoutbox, freezer):
+    freezer.move_to('2018-01-01')
+    simple_user.ou.clean_unused_accounts_alert = 2
+    simple_user.ou.clean_unused_accounts_deletion = 3
+    simple_user.ou.save()
+
+    simple_user.last_login = None
+    simple_user.keepalive = None
+    simple_user.date_joined = now() - datetime.timedelta(days=4)
+    simple_user.save()
+
+    call_command('clean-unused-accounts')
+    assert len(mailoutbox) == 1
+
+    freezer.move_to('2018-01-03')
+    call_command('clean-unused-accounts')
+    assert len(mailoutbox) == 2
+    assert (
+        Event.objects.filter(
+            type__name='user.deletion.inactivity', user=simple_user, data__email=simple_user.email
+        ).count()
+        == 1
+    )
+    deleted_user = DeletedUser.objects.get()
+    assert deleted_user.old_user_id == simple_user.id
+
+
 def test_clean_unused_account_keepalive_after_alert(app, db, simple_user, mailoutbox, freezer):
    freezer.move_to('2018-01-01')
    simple_user.ou.clean_unused_accounts_alert = 2