From cfcd54ca194b62458bc94c598ed252e7db36ea70 Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Date: Tue, 24 Jun 2025 14:01:52 +0200
Subject: [PATCH] sources: sync: use send_on_save

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---
 authentik/sources/kerberos/models.py  |  2 ++
 authentik/sources/kerberos/signals.py | 10 ----------
 authentik/sources/ldap/models.py      |  2 ++
 authentik/sources/ldap/signals.py     | 11 -----------
 authentik/sources/ldap/tasks.py       |  2 +-
 authentik/tasks/schedules/signals.py  |  2 +-
 6 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/authentik/sources/kerberos/models.py b/authentik/sources/kerberos/models.py
index d12c2034d2..0a95dcd3e0 100644
--- a/authentik/sources/kerberos/models.py
+++ b/authentik/sources/kerberos/models.py
@@ -148,12 +148,14 @@ class KerberosSource(ScheduledModel, Source):
                 uid=self.pk,
                 args=(self.pk,),
                 crontab=f"{fqdn_rand('kerberos_sync/' + str(self.pk))} */2 * * *",
+                send_on_save=True,
             ),
             ScheduleSpec(
                 actor=kerberos_connectivity_check,
                 uid=self.pk,
                 args=(self.pk,),
                 crontab=f"{fqdn_rand('kerberos_connectivity_check/' + str(self.pk))} * * * *",
+                send_on_save=True,
             ),
         ]
 
diff --git a/authentik/sources/kerberos/signals.py b/authentik/sources/kerberos/signals.py
index aca314db9b..b475ac6be2 100644
--- a/authentik/sources/kerberos/signals.py
+++ b/authentik/sources/kerberos/signals.py
@@ -10,23 +10,13 @@ from authentik.core.models import User
 from authentik.core.signals import password_changed
 from authentik.events.models import Event, EventAction
 from authentik.sources.kerberos.models import (
-    KerberosSource,
     Krb5ConfContext,
     UserKerberosSourceConnection,
 )
-from authentik.sources.kerberos.tasks import kerberos_connectivity_check
 
 LOGGER = get_logger()
 
 
-@receiver(post_save, sender=KerberosSource)
-def sync_kerberos_source_on_save(sender, instance: KerberosSource, **_):
-    """Ensure that source is synced on save (if enabled)"""
-    if not instance.enabled or not instance.sync_users:
-        return
-    kerberos_connectivity_check.send(instance.pk)
-
-
 @receiver(password_changed)
 def kerberos_sync_password(sender, user: User, password: str, **_):
     """Connect to kerberos and update password."""
diff --git a/authentik/sources/ldap/models.py b/authentik/sources/ldap/models.py
index 63ec041771..36ad9b2036 100644
--- a/authentik/sources/ldap/models.py
+++ b/authentik/sources/ldap/models.py
@@ -172,12 +172,14 @@ class LDAPSource(ScheduledModel, Source):
                 uid=self.pk,
                 args=(self.pk,),
                 crontab=f"{fqdn_rand('ldap_sync/' + str(self.pk))} */2 * * *",
+                send_on_save=True,
             ),
             ScheduleSpec(
                 actor=ldap_connectivity_check,
                 uid=self.pk,
                 args=(self.pk,),
                 crontab=f"{fqdn_rand('ldap_connectivity_check/' + str(self.pk))} * * * *",
+                send_on_save=True,
             ),
         ]
 
diff --git a/authentik/sources/ldap/signals.py b/authentik/sources/ldap/signals.py
index 38850afca3..7d7b725bd8 100644
--- a/authentik/sources/ldap/signals.py
+++ b/authentik/sources/ldap/signals.py
@@ -2,7 +2,6 @@
 
 from typing import Any
 
-from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.utils.translation import gettext_lazy as _
 from ldap3.core.exceptions import LDAPOperationResult
@@ -20,16 +19,6 @@ from authentik.stages.prompt.signals import password_validate
 LOGGER = get_logger()
 
 
-@receiver(post_save, sender=LDAPSource)
-def sync_ldap_source_on_save(sender, instance: LDAPSource, created: bool, **_):
-    """Ensure that source is synced on save (if enabled)"""
-    # On creation, schedules are automatically run
-    if created or not instance.enabled:
-        return
-    for schedule in instance.schedules.all():
-        schedule.send()
-
-
 @receiver(password_validate)
 def ldap_password_validate(sender, password: str, plan_context: dict[str, Any], **__):
     """if there's an LDAP Source with enabled password sync, check the password"""
diff --git a/authentik/sources/ldap/tasks.py b/authentik/sources/ldap/tasks.py
index 101f1d8245..46e165d6c8 100644
--- a/authentik/sources/ldap/tasks.py
+++ b/authentik/sources/ldap/tasks.py
@@ -54,7 +54,7 @@ def ldap_connectivity_check(pk: str | None = None):
 )
 def ldap_sync(source_pk: str):
     """Sync a single source"""
-    source: LDAPSource = LDAPSource.objects.filter(pk=source_pk).first()
+    source: LDAPSource = LDAPSource.objects.filter(pk=source_pk, enabled=True).first()
     if not source:
         return
     with source.sync_lock as lock_acquired:
diff --git a/authentik/tasks/schedules/signals.py b/authentik/tasks/schedules/signals.py
index ea5c41e2a5..135c73ea14 100644
--- a/authentik/tasks/schedules/signals.py
+++ b/authentik/tasks/schedules/signals.py
@@ -5,7 +5,7 @@ from authentik.tasks.schedules.models import ScheduledModel
 
 
 @receiver(post_save)
-def post_save_schedule_mixin(sender, instance: ScheduledModel, **_):
+def post_save_scheduled_model(sender, instance, **_):
     if not isinstance(instance, ScheduledModel):
         return
     for spec in instance.schedule_specs: