auth_oidc: clean accounts of deleted users (#48168)
parent
9b135fac07
commit
c56e4d684a
|
@ -75,3 +75,25 @@ class AppConfig(django.apps.AppConfig):
|
|||
|
||||
def get_a2_plugin(self):
|
||||
return Plugin()
|
||||
|
||||
def ready(self):
|
||||
from django.db.models.signals import pre_save
|
||||
from authentic2.custom_user.models import DeletedUser
|
||||
|
||||
pre_save.connect(
|
||||
self.pre_save_deleted_user,
|
||||
sender=DeletedUser)
|
||||
|
||||
def pre_save_deleted_user(self, sender, instance, **kwargs):
|
||||
'''Delete and copy OIDCAccount to old_data'''
|
||||
from .models import OIDCAccount
|
||||
|
||||
oidc_accounts = (
|
||||
OIDCAccount.objects.filter(user__uuid=instance.old_uuid).order_by('id')
|
||||
)
|
||||
for oidc_account in oidc_accounts:
|
||||
instance.old_data = instance.old_data or {}
|
||||
instance.old_data.setdefault('oidc_accounts', []).append({
|
||||
'issuer': oidc_account.provider.issuer,
|
||||
'sub': oidc_account.sub,
|
||||
})
|
||||
|
|
|
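Review bot: `pre_save_deleted_user` is connected to `pre_save`, which fires on every save of a `DeletedUser`, and it appends unconditionally, so a second save made while the `OIDCAccount` rows still exist would record the same issuer/sub pair twice; building the entry first and appending it only `if entry not in accounts` avoids that. The docstring says "Delete and copy", but nothing in the visible handler deletes anything (the removal asserted in the test presumably comes from the user deletion itself), so `'''Copy issuer and sub of the user's OIDC accounts into old_data'''` would describe it accurately. Because `sub` is a stable identifier at the issuer and is kept after the account is gone, it is worth confirming that whatever retention applies to `DeletedUser.old_data` is meant to cover it. The `AppConfig` class itself starts outside the hunk.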
@ -49,6 +49,7 @@ from authentic2.models import Attribute
|
|||
from authentic2.models import AttributeValue
|
||||
from authentic2.utils import last_authentication_event
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.custom_user.models import DeletedUser
|
||||
|
||||
from . import utils
|
||||
|
||||
|
@ -845,3 +846,19 @@ def test_multiple_accounts(db):
|
|||
OIDCAccount.objects.create(user=user1, provider=provider2, sub='4567')
|
||||
OIDCAccount.objects.create(user=user2, provider=provider2, sub='1234')
|
||||
|
||||
|
||||
def test_save_account_on_delete_user(db):
|
||||
provider = make_oidc_provider(name='Provider1')
|
||||
user = User.objects.create()
|
||||
OIDCAccount.objects.create(user=user, provider=provider, sub='1234')
|
||||
|
||||
user.mark_as_deleted()
|
||||
User.objects.cleanup(threshold=0, timestamp=now() + datetime.timedelta(seconds=1))
|
||||
assert OIDCAccount.objects.count() == 0
|
||||
deleted_user = DeletedUser.objects.get()
|
||||
assert deleted_user.old_data.get('oidc_accounts') == [
|
||||
{
|
||||
'issuer': 'https://provider1.example.com',
|
||||
'sub': '1234',
|
||||
}
|
||||
]
|
||||
|
|
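Review bot: `test_save_account_on_delete_user` covers only a user with a single account, so neither the path where the handler's loop never runs nor the `order_by('id')` ordering is pinned by a test. A case with no `OIDCAccount` asserting `'oidc_accounts' not in (deleted_user.old_data or {})` would cover the first; as far as the visible handler goes, that key is never written on that path. A case with two accounts on different providers asserting the list order would cover the second.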