auth_oidc: clean accounts of deleted users (#48168)

2020-11-02 11:38:58 +01:00 · 2020-11-02 11:38:58 +01:00 · c56e4d684a
parent 9b135fac07
commit c56e4d684a
2 changed files with 39 additions and 0 deletions
--- a/src/authentic2_auth_oidc/apps.py
+++ b/src/authentic2_auth_oidc/apps.py
@ -75,3 +75,25 @@ class AppConfig(django.apps.AppConfig):

    def get_a2_plugin(self):
        return Plugin()
+
+    def ready(self):
+        from django.db.models.signals import pre_save
+        from authentic2.custom_user.models import DeletedUser
+
+        pre_save.connect(
+            self.pre_save_deleted_user,
+            sender=DeletedUser)
+
+    def pre_save_deleted_user(self, sender, instance, **kwargs):
+        '''Delete and copy OIDCAccount to old_data'''
+        from .models import OIDCAccount
+
+        oidc_accounts = (
+            OIDCAccount.objects.filter(user__uuid=instance.old_uuid).order_by('id')
+        )
+        for oidc_account in oidc_accounts:
+            instance.old_data = instance.old_data or {}
+            instance.old_data.setdefault('oidc_accounts', []).append({
+                'issuer': oidc_account.provider.issuer,
+                'sub': oidc_account.sub,
+            })
--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@ -49,6 +49,7 @@ from authentic2.models import Attribute
 from authentic2.models import AttributeValue
 from authentic2.utils import last_authentication_event
 from authentic2.a2_rbac.utils import get_default_ou
+from authentic2.custom_user.models import DeletedUser

 from . import utils

@ -845,3 +846,19 @@ def test_multiple_accounts(db):
            OIDCAccount.objects.create(user=user1, provider=provider2, sub='4567')
    OIDCAccount.objects.create(user=user2, provider=provider2, sub='1234')

+
+def test_save_account_on_delete_user(db):
+    provider = make_oidc_provider(name='Provider1')
+    user = User.objects.create()
+    OIDCAccount.objects.create(user=user, provider=provider, sub='1234')
+
+    user.mark_as_deleted()
+    User.objects.cleanup(threshold=0, timestamp=now() + datetime.timedelta(seconds=1))
+    assert OIDCAccount.objects.count() == 0
+    deleted_user = DeletedUser.objects.get()
+    assert deleted_user.old_data.get('oidc_accounts') == [
+        {
+            'issuer': 'https://provider1.example.com',
+            'sub': '1234',
+        }
+    ]