fix disabling of missing ldap users (#344) and allow deletion of all user types

2025-09-14 06:51:15 +00:00 · 2025-01-18 17:39:18 +01:00
parent 31c0daeba8
commit c73ce0288e
4 changed files with 30 additions and 11 deletions
--- a/internal/app/auth/auth.go
+++ b/internal/app/auth/auth.go
@@ -373,7 +373,7 @@ func (a *Authenticator) processUserInfo(
 	case err != nil:
 		return nil, fmt.Errorf("registration disabled, cannot create missing user: %w", err)
 	default:
-		err = a.updateExternalUser(ctx, user, userInfo)
+		err = a.updateExternalUser(ctx, user, userInfo, source, provider)
 		if err != nil {
 			return nil, fmt.Errorf("failed to update user: %w", err)
 		}
@@ -432,6 +432,8 @@ func (a *Authenticator) updateExternalUser(
 	ctx context.Context,
 	existingUser *domain.User,
 	userInfo *domain.AuthenticatorUserInfo,
+	source domain.UserSource,
+	provider string,
 ) error {
 	if existingUser.IsLocked() || existingUser.IsDisabled() {
 		return nil // user is locked or disabled, do not update
@@ -462,6 +464,14 @@ func (a *Authenticator) updateExternalUser(
 		existingUser.IsAdmin = userInfo.IsAdmin
 		isChanged = true
 	}
+	if existingUser.Source != source {
+		existingUser.Source = source
+		isChanged = true
+	}
+	if existingUser.ProviderName != provider {
+		existingUser.ProviderName = provider
+		isChanged = true
+	}

 	if !isChanged {
 		return nil // nothing to update