From f4db09cd59122cc13fa7b668f8e9066b1d785d3e Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 16 Nov 2021 11:29:13 +0100
Subject: [PATCH] events: add gdpr_compliance option
Signed-off-by: Jens Langhammer #1551
---
 authentik/events/signals.py | 11 +++++++++--
 authentik/events/tasks.py | 8 ++++++++
 authentik/lib/default.yml | 2 ++
 website/docs/installation/configuration.md | 8 ++++++++
 4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/authentik/events/signals.py b/authentik/events/signals.py
index 10d9b9e08..7e599b667 100644
--- a/authentik/events/signals.py
+++ b/authentik/events/signals.py
@@ -3,14 +3,14 @@ from threading import Thread
 from typing import Any, Optional
 from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
-from django.db.models.signals import post_save
+from django.db.models.signals import post_save, pre_delete
 from django.dispatch import receiver
 from django.http import HttpRequest
 from authentik.core.models import User
 from authentik.core.signals import password_changed
 from authentik.events.models import Event, EventAction
-from authentik.events.tasks import event_notification_handler
+from authentik.events.tasks import event_notification_handler, gdpr_cleanup
 from authentik.flows.planner import PLAN_CONTEXT_SOURCE, FlowPlan
 from authentik.flows.views.executor import SESSION_KEY_PLAN
 from authentik.stages.invitation.models import Invitation
@@ -108,3 +108,10 @@ def on_password_changed(sender, user: User, password: str, **_):
 def event_post_save_notification(sender, instance: Event, **_):
 """Start task to check if any policies trigger an notification on this event"""
 event_notification_handler.delay(instance.event_uuid.hex)
+
+
+@receiver(pre_delete, sender=User)
+# pylint: disable=unused-argument
+def event_user_pre_delete_cleanup(sender, instance: User, **_):
+ """If gdpr_compliance is enabled, remove all the user's events"""
+ gdpr_cleanup.delay(instance.pk)
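Review bot: In authentik/events/signals.py, `event_user_pre_delete_cleanup` queues `gdpr_cleanup` on every user deletion; nothing in the visible lines reads the new `gdpr_compliance` setting, although the docstring says "If gdpr_compliance is enabled". The task added in authentik/events/tasks.py does not check it either, so as shown an operator who sets the option to false would still lose that user's events. Guard the dispatch on the setting, for example `if CONFIG.y_bool("gdpr_compliance"):` ahead of `gdpr_cleanup.delay(instance.pk)`, assuming `CONFIG.y_bool` is the accessor the project uses elsewhere (it is not imported in these hunks). Because the receiver is attached to `pre_delete`, the task is also queued before the delete has committed, so a deletion that later fails could still erase the audit events; consider capturing the pk and dispatching from `transaction.on_commit`.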
diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py
index 4e8499ec9..3828dbd8e 100644
--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@@ -106,3 +106,11 @@ def notification_transport(self: MonitoredTask, notification_pk: int, transport_
 except NotificationTransportError as exc:
 self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))
 raise exc
+
+
+@CELERY_APP.task()
+def gdpr_cleanup(user_pk: int):
+ """cleanup events from gdpr_compliance"""
+ events = Event.objects.filter(user__pk=user_pk)
+ LOGGER.debug("GDPR cleanup, removing events from user", events=events.count())
+ events.delete()
diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml
index 3c7715906..1e4986785 100644
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@@ -80,3 +80,5 @@ footer_links:
 default_user_change_email: true
 default_user_change_username: true
+
+gdpr_compliance: true
diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md
index a7c207298..82d994e68 100644
--- a/website/docs/installation/configuration.md
+++ b/website/docs/installation/configuration.md
@@ -165,6 +165,14 @@ Requires authentik 2021.10.5
 Enable the ability for users to change their Usernames, defaults to `true`.
+### AUTHENTIK_GDPR_COMPLIANCE
+
+:::info
+Requires authentik 2021.10.5
+:::
+
+When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
+
 ### AUTHENTIK_FOOTER_LINKS
 :::info
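Review bot: `gdpr_cleanup` in authentik/events/tasks.py removes audit events but records that only at debug level and without the user key, so at a typical production log level the erasure of an audit trail leaves no trace of when it happened or for which account. Log after the delete at info level and reuse the count that `delete()` returns instead of issuing a separate `count()` query: `deleted, _ = events.delete()` followed by `LOGGER.info("GDPR cleanup, removed events from user", user_pk=user_pk, events=deleted)`. The returned total would also include cascaded rows, if the Event model has dependents.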
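Review bot: `gdpr_compliance: true` in authentik/lib/default.yml turns the deletion on for every install that does not override it, and the key carries no comment saying that it discards event history. Those events are what an investigation of a deleted account would rely on, so a comment above the key such as `# Deletes all events caused by a user when that user is deleted (removes their audit trail)` would make the trade-off visible to whoever edits the file. The same caveat is worth one sentence in the AUTHENTIK_GDPR_COMPLIANCE section of configuration.md.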