actions: un-verify user attributes in backoffice FC unlink action (#66577)

src/authentic2_cut/actions.py

@@ -15,16 +15,27 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from authentic2.models import AttributeValue
+
 from . import models
 
 
 class RemoveFranceConnect:
     name = 'remove-franceconnect'
-    title = 'Supprimer la liaison FranceConnect'
-    confirm = 'Êtes-vous sûr?'
+    title = 'Supprimer la liaison FranceConnect et déverrouiller les attributs vérifiés de l’usager'
+    confirm = 'Êtes-vous sûr(e) ?'
     permission = 'custom_user.cut_fc_user'
 
     def do(self, view, request, user, *args, **kwargs):
+        if user.attributes.validated and user.attributes.validation_context in (
+            'FC',
+            'fc',
+        ):  # inconsistency in authentic2_cut.apps
+            AttributeValue.objects.with_owner(user).update(verified=False)
+            user.attributes.validation_context = None
+            user.attributes.validation_date = None
+            user.attributes.validation_partner = None
+            user.attributes.validated = False
         user.fc_accounts.all().delete()
 
     def display(self, user, request):

tests/test_hooks.py

@@ -1,7 +1,10 @@
 from authentic2.custom_user.models import Profile, ProfileType
 from authentic2.manager.tables import UserTable
 from authentic2.manager.user_views import UsersView
+from authentic2.models import Attribute, AttributeValue
+from authentic2_auth_fc.models import FcAccount
 from django.contrib.auth import get_user_model
+from django.utils.timezone import now
 from utils import login
 
 from authentic2_cut.apps import AppConfig
@@ -97,3 +100,37 @@ def test_a2_hook_idp_oidc_modify_user_info(db, rf, app):
     for claim, value in user_info.items():
         if claim.endswith('_phone') or claim.startswith('address_'):
             assert value is None
+
+
+def test_a2_hook_manager_modify_other_actions_remove_fc(db, rf, app, admin):
+    class DummyModule:
+        __path__ = [
+            './dummy',
+        ]
+
+    dummy = DummyModule()
+    title = Attribute.objects.get(name='title')
+    app_config = AppConfig('authentic2_cut', dummy)
+
+    User = get_user_model()
+    user = User.objects.create(email='john.doe@example.org', first_name='John', last_name='Doe')
+
+    AttributeValue.objects.create(owner=user, attribute=title, content='Mr')
+    FcAccount.objects.create(user=user, sub='sub1')
+    user.attributes.validation_context = 'FC'
+    user.attributes.validation_date = now().date()
+    user.attributes.validation_partner = 'lambda'
+    user.attributes.validated = True
+
+    response = login(app, admin, f'/manage/users/{user.id}/')
+    assert 'Supprimer la liaison FranceConnect' in response.text
+    response = response.forms['object-actions'].submit('remove-franceconnect')
+    assert 'Supprimer la liaison FranceConnect' not in response.text
+
+    user = User.objects.get(email='john.doe@example.org')
+    assert FcAccount.objects.filter(user=user).count() == 0
+    assert AttributeValue.objects.with_owner(user).filter(verified=True).count() == 0
+    assert not user.attributes.validation_context
+    assert not user.attributes.validation_date
+    assert not user.attributes.validation_partner
+    assert not user.attributes.validated