From 28900fe38dae9142d0aa7f271c63d74c269a3f43 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Sun, 29 Aug 2021 22:26:03 +0200
Subject: [PATCH] Cleanup inactive users

---
 ssoauth/app_settings/defaults.py |  5 +++++
 ssoauth/apps.py                  | 22 +++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index e8e98d8..890acbd 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -1,5 +1,6 @@
 import os
 from django.conf import settings as django_settings
+from datetime import timedelta
 
 
 """
@@ -49,6 +50,10 @@ PREDEFINED_GROUPS = {
     # {"superusers": [ssoauth.SUPERUSER_PERM_CODENAME]}
 }
 
+# if last login has been long ago then users are cleaned up
+CLEANUP_DEACTIVATE_AFTER = timedelta(days=7)  # people are getting suspicious because of the old users that still seem active according to django
+CLEANUP_DELETE_USER_AFTER = timedelta(days=180)
+
 
 """
 Settings you might want to change on development (don't change them for production):
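Review bot: The comment above `CLEANUP_DEACTIVATE_AFTER` does not say what "cleaned up" means, and the consequences are destructive: per `cleanup_users` in `ssoauth/apps.py` in this patch, deactivation also clears `is_superuser` and `is_staff`, and deletion covers accounts that have no `last_login` at all. With the 7-day default, an administrator who does not log in for a week loses the staff and superuser flags unless something outside this patch restores them at login. Suggested comment: `# Users whose last login is older than CLEANUP_DEACTIVATE_AFTER lose is_active, is_staff and is_superuser; users whose last login is older than CLEANUP_DELETE_USER_AFTER, or who never logged in, are deleted.` It should also say whether the cleanup can be switched off, because both values are subtracted from `timezone.now()`, so `None` would raise a `TypeError` that the new `except` in `ready()` does not catch.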
diff --git a/ssoauth/apps.py b/ssoauth/apps.py
index 891a8cc..e5813d6 100644
--- a/ssoauth/apps.py
+++ b/ssoauth/apps.py
@@ -2,6 +2,10 @@ from django.apps import AppConfig
 from django.contrib.auth.management import create_permissions
 from django.core import management
 from django.db.models.signals import post_migrate
+from django.db.utils import OperationalError, ProgrammingError
+from django.db.models import Q
+from django.contrib.auth import get_user_model
+from django.utils import timezone
 from . import app_settings
 from . import logger
 from . import sso_utils
@@ -13,7 +17,7 @@ class SSOAuthConfig(AppConfig):
 
     def ready(self, *args, **kwargs):
         if not checks:
-            raise RuntimeError("Checks are not imported.")
+            raise RuntimeError("Importing/running checks would be nice...")
         super().ready(*args, **kwargs)
         # OneLogin settings stuff
         try:
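Review bot: The new `RuntimeError` text `"Importing/running checks would be nice..."` no longer tells the operator what failed or what to do about it. An exception message should name the condition, for example `raise RuntimeError("ssoauth checks are not imported; system checks will not run.")`. `ready()` continues past the end of this hunk.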
@@ -26,6 +30,11 @@ class SSOAuthConfig(AppConfig):
                 logger.warning(msg)
         # default groups
         post_migrate.connect(self.post_migrate_callback, sender=self)
+        # cleanup
+        try:
+            self.cleanup_users()
+        except (OperationalError, ProgrammingError,) as e:
+            return [Warning("ssoauth could not cleanup users. Not migrated yet?")]
 
     @staticmethod
     def post_migrate_callback(*args, **kwargs):
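Review bot: The `return [Warning(...)]` in the new `except` branch has no effect, because Django ignores the return value of `AppConfig.ready()` and nothing is logged, so a failed cleanup is silent; unless a checks `Warning` is imported outside the visible lines, `Warning` here is also the builtin exception class. Log the failure instead: `logger.warning("ssoauth could not cleanup users: {0}".format(e))`. Separately, calling `self.cleanup_users()` from `ready()` runs deleting and demoting queries in every process that loads the app (each worker start, each `manage.py` command), which Django's documentation advises against. A management command run on a schedule would give one controlled, auditable run. `ready()` begins before this hunk.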
@@ -34,3 +43,14 @@ class SSOAuthConfig(AppConfig):
         # custom and compatibility groups and permissions
         management.call_command("ssoauth_setup_groups_and_perms")
 
+    def cleanup_users(self):
+        for user in get_user_model().objects.filter(Q(last_login__isnull=True) | Q(last_login__lte=timezone.now() - app_settings.CLEANUP_DELETE_USER_AFTER)):
+            logger.info("Deleting inactive user: {0}".format(user))
+            user.delete()
+        for user in get_user_model().objects.filter(last_login__lte=timezone.now() - app_settings.CLEANUP_DEACTIVATE_AFTER).filter(Q(is_active=True) | Q(is_superuser=True) | Q(is_staff=True)):
+            logger.info("Deactivating user: {0}".format(user))
+            user.is_active = False
+            user.is_superuser = False
+            user.is_staff = False
+            user.save()
+
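Review bot: The first query in `cleanup_users` matches `Q(last_login__isnull=True)` with no age condition, so every account that has never logged in is deleted on the next app start, including one created minutes earlier (for example by `createsuperuser`) and any account that never goes through the login flow. `user.delete()` also removes rows that reference the user through a cascading foreign key, which can take ownership or audit records with it. Bound the never-logged-in case by account age, e.g. `Q(last_login__isnull=True, date_joined__lte=cutoff)` with `cutoff = timezone.now() - app_settings.CLEANUP_DELETE_USER_AFTER`, assuming the user model keeps `date_joined` as Django's default model does. The method should also get a docstring stating that it deletes accounts and strips `is_active`, `is_staff` and `is_superuser`, since the name "cleanup" hides both.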
-- 
GitLab