unused-accounts: do not delete users from existing LDAP configuration (#75145)

2023-03-07 10:47:13 +01:00 · 2023-03-07 10:47:13 +01:00 · d4b0c13a1b
parent 9d40371feb
commit d4b0c13a1b
2 changed files with 5 additions and 4 deletions
--- a/src/authentic2/management/commands/clean-unused-accounts.py
+++ b/src/authentic2/management/commands/clean-unused-accounts.py
@ -118,7 +118,8 @@ class Command(BaseCommand):
                & (
                    Q(last_account_deletion_alert__lte=self.now - (deletion_delay - alert_delay))
                    | Q(last_login__isnull=True)
-                    & (Q(oidc_account__isnull=False) | Q(userexternalid__source__in=realms))
+                    & Q(oidc_account__isnull=False)
+                    & ~Q(userexternalid__source__in=realms)
                )
            )
            for user in inactive_users_to_delete[:count]:
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@ -222,10 +222,10 @@ def test_clean_unused_federated_account_never_logged_in(app, db, simple_user, ma
        Event.objects.filter(
            type__name='user.deletion.inactivity', user=ldap_user, data__email=ldap_user.email
        ).count()
-        == 1
+        == 0
    )
-    assert DeletedUser.objects.count() == 2
-    assert {deleted.old_user_id for deleted in DeletedUser.objects.all()} == {simple_user.id, ldap_user.id}
+    assert DeletedUser.objects.count() == 1
+    assert {deleted.old_user_id for deleted in DeletedUser.objects.all()} == {simple_user.id}


 def test_clean_unused_federated_account_logged_in_untouched(app, db, simple_user, mailoutbox, freezer):