Invalidate sessions when user is changed to enable/disabled status

    <description><![CDATA[in /e/OS cloud, nextcloud accounts are linked to mail accounts. This app ensures both are coordinated: it sets the e-mail address, quota and storage of the user upon creation.

    It also completes the account deletion by cleaning other parts of the /e/OS cloud setup to ensure no more data is retained when a user requests an account deletion.

    This app uses the UserDeletedEvent to invoke scripts in the docker-welcome container of /e/OS cloud setup]]></description>

    <version>13.1.2</version>

    <version>13.1.3</version>

    <licence>agpl</licence>

    <author mail="dev@murena.com" homepage="https://murena.com/">Murena SAS</author>

    <namespace>EcloudAccounts</namespace>

namespace OCA\EcloudAccounts\Listeners;

use Exception;

use OC\Authentication\Token\IProvider as TokenProvider;

use OCA\EcloudAccounts\AppInfo\Application;

use OCA\EcloudAccounts\Db\MailboxMapper;

use OCA\EcloudAccounts\Service\LDAPConnectionService;

use OCA\EcloudAccounts\Service\SSOService;

use OCA\EcloudAccounts\Service\UserService;

use OCP\EventDispatcher\Event;

use OCP\EventDispatcher\IEventListener;

use OCP\ISession;

use OCP\IUserSession;

use OCP\User\Events\UserChangedEvent;

use OCP\Util;

use Psr\Log\LoggerInterface;

	private $userService;

	private $LDAPConnectionService;

	private SSOService $ssoService;

	private ISession $session;

	private IUserSession $userSession;

	private TokenProvider $tokenProvider;

	public function __construct(Util $util, LoggerInterface $logger, MailboxMapper $mailboxMapper, UserService $userService, LDAPConnectionService $LDAPConnectionService) {

	public function __construct(Util $util, LoggerInterface $logger, MailboxMapper $mailboxMapper, UserService $userService, LDAPConnectionService $LDAPConnectionService, SSOService $ssoService, ISession $session, IUserSession $userSession, TokenProvider $tokenProvider) {

		$this->util = $util;

		$this->mailboxMapper = $mailboxMapper;

		$this->logger = $logger;

		$this->userService = $userService;

		$this->LDAPConnectionService = $LDAPConnectionService;

		$this->ssoService = $ssoService;

		$this->session = $session;

		$this->userSession = $userSession;

		$this->tokenProvider = $tokenProvider;

	}

	public function handle(Event $event): void {

		if ($feature === self::ENABLED_FEATURE) {

			try {

				$this->userService->mapActiveAttributesInLDAP($username, $newValue);

				$this->invalidateUserSessions($username);

			} catch (Exception $e) {

				$this->logger->error('Failed to update LDAP attributes for user: ' . $username, ['exception' => $e]);

			}

			$this->logger->error("Error setting quota for user $username " . $e->getMessage());

		}

	}

	private function invalidateUserSessions(string $username): void {

		// Logout from SSO service

		try {

			$this->ssoService->logout($username);

		} catch (Exception $e) {

			$this->logger->error($e->getMessage(), ['exception' => $e, 'app' => Application::APP_ID]);

		}

		// Remove all Nextcloud sessions/tokens for the user (invalidate cache + storage)

		try {

			$this->tokenProvider->invalidateTokensOfUser($username, null);

		} catch (Exception $e) {

			$this->logger->error($e, ['app' => Application::APP_ID]);

		}

		// Finally, log out the current session if it's the same user (also clears remember-me cookies)

		try {

			if ($this->userSession->isLoggedIn() && $this->userSession->getUser() && $this->userSession->getUser()->getUID() === $username) {

				$this->userSession->logout();

			}

		} catch (Exception $e) {

			$this->logger->error($e, ['app' => Application::APP_ID]);

		}

	}

}