sync-cut: defederate and invalidate email of deleted accounts (#25178)
This commit is contained in:
parent
674354c12c
commit
dd9e9977ae
|
@ -34,6 +34,28 @@ class Command(BaseCommand):
|
|||
|
||||
verbose = int(options['verbosity']) > 0
|
||||
|
||||
# check all existing users
|
||||
def chunks(l, n):
|
||||
for i in range(0, len(l), n):
|
||||
yield l[i:i + n]
|
||||
|
||||
url = settings.CUT_API_BASE_URL + 'users/synchronization/'
|
||||
for provider in OIDCProvider.objects.all():
|
||||
unknown_uuids = []
|
||||
auth = (provider.client_id, provider.client_secret)
|
||||
for accounts in chunks(OIDCAccount.objects.filter(provider=provider), 100):
|
||||
subs = [x.sub for x in accounts]
|
||||
resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
|
||||
unknown_uuids.extend(resp.json().get('unknown_uuids'))
|
||||
|
||||
for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
|
||||
if verbose:
|
||||
print 'disabling', account.user.email, account.user.ou
|
||||
account.user.email = account.user.email + '.invalid'
|
||||
account.user.save()
|
||||
OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
|
||||
|
||||
# get new agents
|
||||
cut_agents = OIDCProvider.objects.get(name='cut-agents')
|
||||
|
||||
ou_mapping = settings.CUT_GNM_OU_MAPPING
|
||||
|
|
Reference in New Issue