Call the homeserver for user deactivation

2025-07-29 22:01:14 +03:00 · 2023-08-03 14:05:10 +02:00
parent 646b6cc0e3
commit 8142cad3d6
9 changed files with 373 additions and 6 deletions
--- a/crates/cli/src/commands/manage.rs
+++ b/crates/cli/src/commands/manage.rs
@ -18,14 +18,14 @@ use mas_config::{DatabaseConfig, PasswordsConfig};
 use mas_data_model::{Device, TokenType};
 use mas_storage::{
    compat::{CompatAccessTokenRepository, CompatSessionRepository},
-    job::{DeleteDeviceJob, JobRepositoryExt, ProvisionUserJob},
+    job::{DeactivateUserJob, DeleteDeviceJob, JobRepositoryExt, ProvisionUserJob},
    user::{UserEmailRepository, UserPasswordRepository, UserRepository},
    Repository, RepositoryAccess, SystemClock,
 };
 use mas_storage_pg::PgRepository;
 use rand::SeedableRng;
 use sqlx::types::Uuid;
-use tracing::{info, info_span};
+use tracing::{info, info_span, warn};

 use crate::util::{database_from_config, password_manager_from_config};

@ -74,6 +74,10 @@ enum Subcommand {
    LockUser {
        /// User to lock
        username: String,
+
+        /// Whether to deactivate the user
+        #[arg(long)]
+        deactivate: bool,
    },

    /// Unlock a user
@ -343,7 +347,10 @@ impl Options {
                Ok(())
            }

-            SC::LockUser { username } => {
+            SC::LockUser {
+                username,
+                deactivate,
+            } => {
                let _span = info_span!("cli.manage.lock_user", user.username = username).entered();
                let config: DatabaseConfig = root.load_config()?;
                let pool = database_from_config(&config).await?;
@ -357,7 +364,17 @@ impl Options {

                info!(%user.id, "Locking user");

-                repo.user().lock(&clock, user).await?;
+                // Even though the deactivation job will lock the user, we lock it here in case
+                // the worker is not running, as we don't have a good way to run a job
+                // synchronously yet.
+                let user = repo.user().lock(&clock, user).await?;
+
+                if deactivate {
+                    warn!(%user.id, "Scheduling user deactivation");
+                    repo.job()
+                        .schedule_job(DeactivateUserJob::new(&user, false))
+                        .await?;
+                }
                repo.save().await?;

                Ok(())