events: add gdpr_compliance option
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1551
This commit is contained in:
Jens Langhammer
parent
047030f901
commit
f4db09cd59
|
|
@ -3,14 +3,14 @@ from threading import Thread
|
|||
from typing import Any, Optional
|
||||
|
||||
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
|
||||
from django.db.models.signals import post_save
|
||||
from django.db.models.signals import post_save, pre_delete
|
||||
from django.dispatch import receiver
|
||||
from django.http import HttpRequest
|
||||
|
||||
from authentik.core.models import User
|
||||
from authentik.core.signals import password_changed
|
||||
from authentik.events.models import Event, EventAction
|
||||
from authentik.events.tasks import event_notification_handler
|
||||
from authentik.events.tasks import event_notification_handler, gdpr_cleanup
|
||||
from authentik.flows.planner import PLAN_CONTEXT_SOURCE, FlowPlan
|
||||
from authentik.flows.views.executor import SESSION_KEY_PLAN
|
||||
from authentik.stages.invitation.models import Invitation
|
||||
|
|
@ -108,3 +108,10 @@ def on_password_changed(sender, user: User, password: str, **_):
|
|||
def event_post_save_notification(sender, instance: Event, **_):
|
||||
"""Start task to check if any policies trigger an notification on this event"""
|
||||
event_notification_handler.delay(instance.event_uuid.hex)
|
||||
|
||||
|
||||
@receiver(pre_delete, sender=User)
|
||||
# pylint: disable=unused-argument
|
||||
def event_user_pre_delete_cleanup(sender, instance: User, **_):
|
||||
"""If gdpr_compliance is enabled, remove all the user's events"""
|
||||
gdpr_cleanup.delay(instance.pk)
|
||||
|
|
|
|||
|
|
@ -106,3 +106,11 @@ def notification_transport(self: MonitoredTask, notification_pk: int, transport_
|
|||
except NotificationTransportError as exc:
|
||||
self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))
|
||||
raise exc
|
||||
|
||||
|
||||
@CELERY_APP.task()
|
||||
def gdpr_cleanup(user_pk: int):
|
||||
"""cleanup events from gdpr_compliance"""
|
||||
events = Event.objects.filter(user__pk=user_pk)
|
||||
LOGGER.debug("GDPR cleanup, removing events from user", events=events.count())
|
||||
events.delete()
|
||||
|
|
|
|||
|
|
@ -80,3 +80,5 @@ footer_links:
|
|||
|
||||
default_user_change_email: true
|
||||
default_user_change_username: true
|
||||
|
||||
gdpr_compliance: true
|
||||
|
|
|
|||
|
|
@ -165,6 +165,14 @@ Requires authentik 2021.10.5
|
|||
|
||||
Enable the ability for users to change their Usernames, defaults to `true`.
|
||||
|
||||
### AUTHENTIK_GDPR_COMPLIANCE
|
||||
|
||||
:::info
|
||||
Requires authentik 2021.10.5
|
||||
:::
|
||||
|
||||
When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
|
||||
|
||||
### AUTHENTIK_FOOTER_LINKS
|
||||
|
||||
:::info
|
||||
|
|
|
|||
Reference in New Issue