unused-accounts: explicitely skip ldap users (#75196)
gitea/authentic/pipeline/head This commit looks good
Details
gitea/authentic/pipeline/head This commit looks good
Details
This commit is contained in:
parent
d4b0c13a1b
commit
bb1b5e22d5
|
@ -31,7 +31,6 @@ from authentic2.a2_rbac.models import OrganizationalUnit
|
|||
from authentic2.backends import get_user_queryset
|
||||
from authentic2.backends.ldap_backend import LDAPBackend
|
||||
from authentic2.journal_event_types import UserDeletionForInactivity, UserNotificationInactivity
|
||||
from authentic2.models import UserExternalId
|
||||
from authentic2.utils.misc import send_templated_mail
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -65,7 +64,8 @@ class Command(BaseCommand):
|
|||
|
||||
self.now = timezone.now()
|
||||
|
||||
self.user_qs = get_user_queryset().exclude(email='')
|
||||
realms = [block['realm'] for block in LDAPBackend.get_config() if block.get('realm')]
|
||||
self.user_qs = get_user_queryset().exclude(email='').exclude(userexternalid__source__in=realms)
|
||||
|
||||
translation.activate(settings.LANGUAGE_CODE)
|
||||
try:
|
||||
|
@ -75,7 +75,6 @@ class Command(BaseCommand):
|
|||
|
||||
def clean_unused_accounts(self):
|
||||
count = app_settings.A2_CLEAN_UNUSED_ACCOUNTS_MAX_MAIL_PER_PERIOD
|
||||
realms = [block['realm'] for block in LDAPBackend.get_config() if block.get('realm')]
|
||||
for ou in OrganizationalUnit.objects.filter(clean_unused_accounts_alert__isnull=False):
|
||||
alert_delay = timedelta(days=ou.clean_unused_accounts_alert)
|
||||
deletion_delay = timedelta(days=ou.clean_unused_accounts_deletion)
|
||||
|
@ -99,9 +98,7 @@ class Command(BaseCommand):
|
|||
# send first alert to users having never received an alert beforehand, skipping
|
||||
# federated users
|
||||
inactive_users_first_alert = inactive_users.filter(
|
||||
Q(last_account_deletion_alert__isnull=True)
|
||||
& Q(oidc_account__isnull=True)
|
||||
& ~Q(userexternalid__source__in=realms)
|
||||
Q(last_account_deletion_alert__isnull=True) & Q(oidc_account__isnull=True)
|
||||
)
|
||||
days_to_deletion = ou.clean_unused_accounts_deletion - ou.clean_unused_accounts_alert
|
||||
for user in inactive_users_first_alert[:count]:
|
||||
|
@ -117,9 +114,7 @@ class Command(BaseCommand):
|
|||
# or if user is federated and never logged-in
|
||||
& (
|
||||
Q(last_account_deletion_alert__lte=self.now - (deletion_delay - alert_delay))
|
||||
| Q(last_login__isnull=True)
|
||||
& Q(oidc_account__isnull=False)
|
||||
& ~Q(userexternalid__source__in=realms)
|
||||
| Q(last_login__isnull=True) & Q(oidc_account__isnull=False)
|
||||
)
|
||||
)
|
||||
for user in inactive_users_to_delete[:count]:
|
||||
|
@ -129,12 +124,10 @@ class Command(BaseCommand):
|
|||
ou.clean_unused_accounts_deletion,
|
||||
)
|
||||
|
||||
known_sources = set(UserExternalId.objects.filter(user=user).values_list('source', flat=True))
|
||||
self.delete_user(
|
||||
user,
|
||||
days_of_inactivity=deletion_delay.days,
|
||||
send_mail=user.last_login
|
||||
or not (getattr(user, 'oidc_account', None) or known_sources & set(realms)),
|
||||
send_mail=user.last_login or not getattr(user, 'oidc_account', None),
|
||||
)
|
||||
|
||||
def send_alert(self, user, days_to_deletion, days_of_inactivity):
|
||||
|
|
|
@ -227,6 +227,20 @@ def test_clean_unused_federated_account_never_logged_in(app, db, simple_user, ma
|
|||
assert DeletedUser.objects.count() == 1
|
||||
assert {deleted.old_user_id for deleted in DeletedUser.objects.all()} == {simple_user.id}
|
||||
|
||||
ldap_user.last_login = ldap_user.keepalive = now() - datetime.timedelta(days=4)
|
||||
ldap_user.date_joined = now() - datetime.timedelta(days=5)
|
||||
ldap_user.save()
|
||||
|
||||
call_command('clean-unused-accounts')
|
||||
assert len(mailoutbox) == 0
|
||||
assert (
|
||||
Event.objects.filter(
|
||||
type__name='user.deletion.inactivity', user=ldap_user, data__email=ldap_user.email
|
||||
).count()
|
||||
== 0
|
||||
)
|
||||
assert DeletedUser.objects.count() == 1
|
||||
|
||||
|
||||
def test_clean_unused_federated_account_logged_in_untouched(app, db, simple_user, mailoutbox, freezer):
|
||||
freezer.move_to('2018-01-01')
|
||||
|
|
Loading…
Reference in New Issue