Correct SeAT API logic (#860)

* Do not attempt to change user email on SeAT if unchanged. This prevents HTTP422 from being raised on password resets. *Delete users on deactivation. The existing disable user logic does nothing and results in a HTTP500. It's safe to delete users entirely - the API keys are retained. Fixes #844
2026-02-08 16:16:18 +01:00 · 2017-09-08 13:42:35 -04:00
parent 3f454743a9
commit 0ac0f71fef
3 changed files with 18 additions and 29 deletions
--- a/services/modules/seat/manager.py
+++ b/services/modules/seat/manager.py
@@ -75,25 +75,6 @@ class SeatManager:
            return username
        return None

-    @classmethod
-    def disable_user(cls, username):
-        """ Disable user """
-        ret = cls.exec_request('user/{}'.format(username), 'put', active=0)
-        logger.debug(ret)
-        ret = cls.exec_request('user/{}'.format(username), 'put', email="")
-        logger.debug(ret)
-        if cls._response_ok(ret):
-            try:
-                cls.update_roles(username, [])
-                logger.info("Disabled SeAT user with username %s" % username)
-                return username
-            except KeyError:
-                # if something goes wrong, delete user from seat instead of disabling
-                if cls.delete_user(username):
-                    return username
-        logger.info("Failed to disabled SeAT user with username %s" % username)
-        return None
-
    @classmethod
    def enable_user(cls, username):
        """ Enable user """
@@ -105,14 +86,22 @@ class SeatManager:
        logger.info("Failed to enabled SeAT user with username %s" % username)
        return None

+    @classmethod
+    def _check_email_changed(cls, username, email):
+        """Compares email to one set on SeAT"""
+        ret = cls.exec_request('user/{}'.format(username), 'get', raise_for_status=True)
+        return ret['email'] != email
+
    @classmethod
    def update_user(cls, username, email, password):
        """ Edit user info """
-        logger.debug("Updating SeAT username %s with email %s and password" % (username, email))
-        ret = cls.exec_request('user/{}'.format(username), 'put', email=email)
-        logger.debug(ret)
-        if not cls._response_ok(ret):
-            logger.warn("Failed to update email for username {}".format(username))
+        if cls._check_email_changed(username, email):
+            # if we try to set the email to whatever it is already on SeAT, we get a HTTP422 error
+            logger.debug("Updating SeAT username %s with email %s and password" % (username, email))
+            ret = cls.exec_request('user/{}'.format(username), 'put', email=email)
+            logger.debug(ret)
+            if not cls._response_ok(ret):
+                logger.warn("Failed to update email for username {}".format(username))
        ret = cls.exec_request('user/{}'.format(username), 'put', password=password)
        logger.debug(ret)
        if not cls._response_ok(ret):