auditlog: skip notification for admin triggered account removal

This leaks admin IP address to the user. Fixes WeblateOrg#9983
nijel · Sep 19, 2023 · 9a54380 · 9a54380
1 parent 15059e5
commit 9a54380
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/weblate/accounts/models.py b/weblate/accounts/models.py
@@ -323,6 +323,7 @@ def should_notify(self):
             and self.user.is_active
             and self.user.email
             and self.activity in NOTIFY_ACTIVITY
+            and not self.params.get("skip_notify")
         )
 
     def check_rate_limit(self, request):

diff --git a/weblate/accounts/utils.py b/weblate/accounts/utils.py
@@ -15,13 +15,13 @@
 from weblate.trans.signals import user_pre_delete
 
 
-def remove_user(user, request):
+def remove_user(user, request, **params):
     """Remove user account."""
     # Send signal (to commit any pending changes)
     user_pre_delete.send(instance=user, sender=user.__class__)
 
     # Store activity log and notify
-    AuditLog.objects.create(user, request, "removed")
+    AuditLog.objects.create(user, request, "removed", **params)
 
     # Remove any email validation codes
     invalidate_reset_codes(user)

diff --git a/weblate/accounts/views.py b/weblate/accounts/views.py
@@ -578,7 +578,7 @@ def post(self, request, **kwargs):
                 user.groups.remove(form.cleaned_data["remove_group"])
                 return HttpResponseRedirect(self.get_success_url() + "#groups")
         if "remove_user" in request.POST:
-            remove_user(user, request)
+            remove_user(user, request, skip_notify=True)
             return HttpResponseRedirect(self.get_success_url() + "#groups")
 
         return super().post(request, **kwargs)