sync-cut: defederate and invalidate email of deleted accounts (#25178)
This commit is contained in:
parent
674354c12c
commit
dd9e9977ae
|
@ -34,6 +34,28 @@ class Command(BaseCommand):
|
||||||
|
|
||||||
verbose = int(options['verbosity']) > 0
|
verbose = int(options['verbosity']) > 0
|
||||||
|
|
||||||
|
# check all existing users
|
||||||
|
def chunks(l, n):
|
||||||
|
for i in range(0, len(l), n):
|
||||||
|
yield l[i:i + n]
|
||||||
|
|
||||||
|
url = settings.CUT_API_BASE_URL + 'users/synchronization/'
|
||||||
|
for provider in OIDCProvider.objects.all():
|
||||||
|
unknown_uuids = []
|
||||||
|
auth = (provider.client_id, provider.client_secret)
|
||||||
|
for accounts in chunks(OIDCAccount.objects.filter(provider=provider), 100):
|
||||||
|
subs = [x.sub for x in accounts]
|
||||||
|
resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
|
||||||
|
unknown_uuids.extend(resp.json().get('unknown_uuids'))
|
||||||
|
|
||||||
|
for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
|
||||||
|
if verbose:
|
||||||
|
print 'disabling', account.user.email, account.user.ou
|
||||||
|
account.user.email = account.user.email + '.invalid'
|
||||||
|
account.user.save()
|
||||||
|
OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
|
||||||
|
|
||||||
|
# get new agents
|
||||||
cut_agents = OIDCProvider.objects.get(name='cut-agents')
|
cut_agents = OIDCProvider.objects.get(name='cut-agents')
|
||||||
|
|
||||||
ou_mapping = settings.CUT_GNM_OU_MAPPING
|
ou_mapping = settings.CUT_GNM_OU_MAPPING
|
||||||
|
|
Reference in New Issue