habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f4ac2f50e2fb380a9b4910fbaa5c5542f734c617
authentik/authentik/sources/saml/tasks.py
Jens Langhammer f4ac2f50e2 sources/saml: check sessions before deleting user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:39:10 +02:00

45 lines
1.7 KiB
Python
Raw Blame History

"""authentik saml source tasks"""
from django.utils.timezone import now
from structlog.stdlib import get_logger
from authentik.core.models import AuthenticatedSession, User
from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
from authentik.lib.utils.time import timedelta_from_string
from authentik.root.celery import CELERY_APP
from authentik.sources.saml.models import SAMLSource
LOGGER = get_logger()
@CELERY_APP.task(bind=True, base=MonitoredTask)
def clean_temporary_users(self: MonitoredTask):
"""Remove temporary users created by SAML Sources"""
_now = now()
messages = []
deleted_users = 0
for user in User.objects.filter(attributes__saml__isnull=False):
sources = SAMLSource.objects.filter(
pk=user.attributes.get("saml", {}).get("source", "")
)
if not sources.exists():
LOGGER.warning(
"User has an invalid SAML Source and won't be deleted!", user=user
)
messages.append(
f"User {user} has an invalid SAML Source and won't be deleted!"
)
continue
source = sources.first()
source_delta = timedelta_from_string(source.temporary_user_delete_after)
if (
_now - user.last_login >= source_delta
and not AuthenticatedSession.objects.filter(user=user).exists()
):
LOGGER.debug(
"User is expired and will be deleted.", user=user, delta=source_delta
)
user.delete()
deleted_users += 1
messages.append(f"Successfully deleted {deleted_users} users.")
self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages))
Reference in New Issue View Git Blame Copy Permalink