
Commit

providers/oauth2: cleanup tokens when user is deactivated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
rissson committed Jan 28, 2025
1 parent 141ced8 commit ea07597
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions authentik/core/api/users.py
Expand Up @@ -84,6 +84,7 @@
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner
from authentik.flows.views.executor import QS_KEY_TOKEN
from authentik.lib.avatars import get_avatar
from authentik.providers.oauth2.models import DeviceToken, RefreshToken
from authentik.rbac.decorators import permission_required
from authentik.rbac.models import get_permission_choices
from authentik.stages.email.models import EmailStage
Expand Down Expand Up @@ -765,6 +766,8 @@ def partial_update(self, request: Request, *args, **kwargs) -> Response:
response = super().partial_update(request, *args, **kwargs)
instance: User = self.get_object()
if not instance.is_active:
RefreshToken.objects.filter(session__user=instance).delete()
DeviceToken.objects.filter(session__user=instance).delete()

Codecov / codecov/patch (authentik/core/api/users.py#L769-L770): Added lines #L769 - L770 were not covered by tests
sessions = AuthenticatedSession.objects.filter(user=instance)
session_ids = sessions.values_list("session_key", flat=True)
cache.delete_many(f"{KEY_PREFIX}{session}" for session in session_ids)
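Review bot: The cleanup is hooked only into `partial_update`, so a deactivation that arrives through `update` (a full PUT on the same viewset) or through any other code path that sets `is_active = False` (admin actions, flows, direct ORM writes) leaves the user's refresh and device tokens in place; consider moving the two `delete()` calls into a helper invoked from both `update` and `partial_update`, or into a signal/model hook on `User` that fires whenever `is_active` flips to False, so the session-cache purge below and the token purge share one code path. Two smaller points on the same lines: the commit message says "cleanup tokens" but only `RefreshToken` and `DeviceToken` are deleted, so it is worth stating in the message whether leaving other OAuth2 token types to expire on their own is intentional; and the Codecov annotation shows lines 769-770 have no test, so a test that deactivates a user via PATCH and asserts the `RefreshToken`/`DeviceToken` querysets for that user are empty would lock the behaviour in.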
