member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(member): delete authentik user when removing member

Browse Source
This commit is contained in:
Chris
2026-03-31 21:01:15 +08:00
parent 2b29a1a274
commit cf02d9ec41
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/api/admin_catalog.py
View File

@@ -680,6 +680,13 @@ def delete_member(
row = users_repo.get_by_sub(authentik_sub) row = users_repo.get_by_sub(authentik_sub)
if not row: if not row:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found") raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
settings = get_settings()
service = AuthentikAdminService(settings=settings)
service.delete_user(
authentik_user_id=row.authentik_user_id,
email=row.email,
username=row.username,
)
db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.authentik_sub == authentik_sub)) db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.authentik_sub == authentik_sub))
db.delete(row) db.delete(row)
db.commit() db.commit()

33
app/services/authentik_admin_service.py
View File

@@ -23,6 +23,12 @@ class AuthentikPasswordResetResult:
temporary_password: str temporary_password: str
@dataclass
class AuthentikDeleteResult:
action: str
user_id: int | None = None
class AuthentikAdminService: class AuthentikAdminService:
def __init__(self, settings: Settings) -> None: def __init__(self, settings: Settings) -> None:
self.base_url = settings.authentik_base_url.rstrip("/") self.base_url = settings.authentik_base_url.rstrip("/")
@@ -159,3 +165,30 @@ class AuthentikAdminService:
raise HTTPException(status_code=502, detail="authentik_set_password_failed") raise HTTPException(status_code=502, detail="authentik_set_password_failed")
return AuthentikPasswordResetResult(user_id=user_pk, temporary_password=temp_password) return AuthentikPasswordResetResult(user_id=user_pk, temporary_password=temp_password)
def delete_user(
self,
*,
authentik_user_id: int | None,
email: str | None,
username: str | None,
) -> AuthentikDeleteResult:
with self._client() as client:
existing = None
if authentik_user_id is not None:
existing = self._lookup_user_by_id(client, authentik_user_id)
if existing is None:
existing = self._lookup_user_by_email_or_username(client, email=email, username=username)
if not existing or existing.get("pk") is None:
return AuthentikDeleteResult(action="not_found")
user_pk = int(existing["pk"])
delete_resp = client.delete(f"/api/v3/core/users/{user_pk}/")
if delete_resp.status_code in {204, 404}:
return AuthentikDeleteResult(
action="deleted" if delete_resp.status_code == 204 else "not_found",
user_id=user_pk,
)
if delete_resp.status_code >= 400:
raise HTTPException(status_code=502, detail="authentik_delete_failed")
return AuthentikDeleteResult(action="deleted", user_id=user_pk)