[FIX] Deletion of non active users and OIDC provisionning

source/app/blueprints/login/login_routes.py

@@ -218,20 +218,23 @@ def oidc_authorise():
         email_field = app.config.get("OIDC_MAPPING_EMAIL")
         username_field = app.config.get("OIDC_MAPPING_USERNAME")
 
-        user_login = access_token_resp['id_token'].get(email_field) or access_token_resp['id_token'].get(username_field)
+        user_login = access_token_resp['id_token'].get(username_field) or access_token_resp['id_token'].get(email_field)
         user_name = access_token_resp['id_token'].get(email_field) or access_token_resp['id_token'].get(username_field)
 
         user = get_user(user_login, 'user')
 
         if not user:
-            if app.config.get("AUTHENTICATION_CREATE_USER_IF_NOT_EXISTS") is False:
+            log.warning(f"OIDC user {user_login} not found in database")
+            if app.config.get("AUTHENTICATION_CREATE_USER_IF_NOT_EXIST") is False:
+                log.warning(f"Authentication is set to not create user if not exists")
                 track_activity(
                     f"OIDC user {user_login} not found in database",
                     ctx_less=True,
                     display_in_ui=False,
                 )
                 return response_error("User not found in IRIS", 404)
 
+            log.info(f"Creating OIDC user {user_login} in database")
             track_activity(
                 f"Creating OIDC user {user_login} in database",
                 ctx_less=True,

source/app/blueprints/manage/manage_users.py

@@ -543,7 +543,8 @@ def view_delete_user(cur_id):
         track_activity(message="deleted user ID {}".format(cur_id), ctx_less=True)
         return response_success("Deleted user ID {}".format(cur_id))
 
-    except Exception:
+    except Exception as e:
+        print(e)
         db.session.rollback()
         track_activity(message="tried to delete active user ID {}".format(cur_id), ctx_less=True)
         return response_error("Cannot delete active user")

source/app/configuration.py

@@ -206,7 +206,8 @@ class AuthenticationType(Enum):
 authentication_type = os.environ.get('IRIS_AUTHENTICATION_TYPE',
                                      config.get('IRIS', 'AUTHENTICATION_TYPE', fallback="local"))
 
-authentication_create_user_if_not_exists = config.load('IRIS', 'AUTHENTICATION_CREATE_USER_IF_NOT_EXIST')
+authentication_create_user_if_not_exists = config.load('IRIS', 'AUTHENTICATION_CREATE_USER_IF_NOT_EXIST',
+                                                        fallback="False")
 
 tls_root_ca = os.environ.get('TLS_ROOT_CA',
                              config.get('IRIS', 'TLS_ROOT_CA', fallback=None))

source/app/datamgmt/manage/manage_users_db.py

@@ -31,7 +31,7 @@
 from app.iris_engine.access_control.utils import ac_get_detailed_effective_permissions_from_groups
 from app.iris_engine.access_control.utils import ac_remove_case_access_from_user
 from app.iris_engine.access_control.utils import ac_set_case_access_for_user
-from app.models import Cases, Client
+from app.models import Cases, Client, UserActivity
 from app.models.authorization import CaseAccessLevel, UserClient
 from app.models.authorization import Group
 from app.models.authorization import Organisation
@@ -699,6 +699,10 @@ def update_user(user: User, name: str = None, email: str = None, password: str =
 
 
 def delete_user(user_id):
+    # Migrate the user activity to a shadow user
+
+    UserActivity.query.filter(UserActivity.user_id == user_id).update({UserActivity.user_id: None})
+
     UserCaseAccess.query.filter(UserCaseAccess.user_id == user_id).delete()
     UserOrganisation.query.filter(UserOrganisation.user_id == user_id).delete()
     UserGroup.query.filter(UserGroup.user_id == user_id).delete()