From ace6dac38208e04f4ef078f2a3f5126419f623cf Mon Sep 17 00:00:00 2001
From: Alexandre R D'anzi
Date: Fri, 19 Dec 2025 16:23:31 +0100
Subject: [PATCH 1/5] moving delte vault account logic to ecloud accounts
---
 lib/Listeners/BeforeUserDeletedListener.php | 46 +++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/lib/Listeners/BeforeUserDeletedListener.php b/lib/Listeners/BeforeUserDeletedListener.php
index a33c760f..76482dd9 100644
--- a/lib/Listeners/BeforeUserDeletedListener.php
+++ b/lib/Listeners/BeforeUserDeletedListener.php
@@ -51,6 +51,20 @@ class BeforeUserDeletedListener implements IEventListener {
 } catch (Exception $e) {
 $this->logger->error('Error deleting mail folder for user '. $uid . ' :' . $e->getMessage());
 }
+
+ $oidcUid = $this->config->getUserValue(
+ (string) $uid,
+ Application::APP_ID,
+ Application::OIDC_PROVIDER_UID_KEY
+ );
+
+ if (!empty($oidcUid)) {
+ $this->triggerDeletionWebhook($oidcUid);
+ }
+ else {
+ $this->logger->error('No ssoid for '.$user);
+ }
+
 try {
 if ($this->LDAPConnectionService->isLDAPEnabled() && $isUserOnLDAP) {
 $conn = $this->LDAPConnectionService->getLDAPConnection();
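Review bot: The fallback log `'No ssoid for '.$user` concatenates `$user`, while the surrounding code logs `$uid`; `$user` is defined outside this hunk, and if it is the event's user object rather than a string the concatenation raises an Error unless that class implements `__toString()`, which would abort the listener before the LDAP cleanup that follows. Use the id already at hand, `$this->logger->error('No ssoid for ' . $uid);`. The same concatenation returns in the later "change multiple names and logs" commit, where the added `info` line runs for every deleted user. Unlike the mail-folder and LDAP steps next to it, the new call is not wrapped in a try/catch, so any exception from it would also stop the remaining cleanup; the enclosing method starts and ends outside the hunk.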
@@ -113,4 +127,36 @@ class BeforeUserDeletedListener implements IEventListener {
 return $aliasEntries;
 }
+
+ private function triggerDeletionWebhook(string $oidcUid): void
+ {
+ $webhookUrl = $this->config->getSystemValue('oidc_user_deleted_webhook', '');
+ if ('' === trim($webhookUrl)) {
+ return;
+ }
+ $token = $this->config->getSystemValue('oidc_user_deleted_token', '');
+ if ('' === trim($token)) {
+ return;
+ }
+ $authorization = "Authorization: Bearer ".$token;
+ $payload = http_build_query(['ssoId' => $oidcUid]);
+ $curl = curl_init();
+
+ curl_setopt_array($curl, [
+ CURLOPT_URL => $webhookUrl."?".$payload,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_HTTPHEADER => array($authorization),
+ CURLOPT_TIMEOUT => 10,
+ ]);
+
+ $response = curl_exec($curl);
+ if (false === $response) {
+ $this->logger->error('Failed to call user deletion webhook', [
+ 'error' => curl_error($curl),
+ ]);
+ } else {c
+ $this->logger->debug('User deletion webhook called successfully');
+ }
+ curl_close($curl);
+ }
 }
-- GitLab
From 3421ff52e9a263d539ca60eac2e12912629784ba Mon Sep 17 00:00:00 2001
From: Alexandre R D'anzi
Date: Sat, 20 Dec 2025 00:58:41 +0100
Subject: [PATCH 2/5] fix lint
---
 lib/Listeners/BeforeUserDeletedListener.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/lib/Listeners/BeforeUserDeletedListener.php b/lib/Listeners/BeforeUserDeletedListener.php
index 76482dd9..cca1a319 100644
--- a/lib/Listeners/BeforeUserDeletedListener.php
+++ b/lib/Listeners/BeforeUserDeletedListener.php
@@ -60,8 +60,7 @@ class BeforeUserDeletedListener implements IEventListener {
 if (!empty($oidcUid)) {
 $this->triggerDeletionWebhook($oidcUid);
- }
- else {
+ } else {
 $this->logger->error('No ssoid for '.$user);
 }
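Review bot: An HTTP error from the vault endpoint is logged as success in `triggerDeletionWebhook()`, because `curl_exec()` returns false only on a transport failure; a 401 or 500 response would leave the vault account in place while the Nextcloud user is removed, with nothing in the log to show it. Read the status with `curl_getinfo()` and treat anything outside 2xx as an error, as sketched below. The request also goes out as a default GET with the identifier in the query string, and the bearer token is sent over whatever scheme the configured URL uses; adding `CURLOPT_PROTOCOLS => CURLPROTO_HTTPS` to the option array would keep the token off cleartext HTTP, and whether a GET is what the vault API expects for a delete should be confirmed.

```php
$response = curl_exec($curl);
$status = (int) curl_getinfo($curl, CURLINFO_RESPONSE_CODE);
if (false === $response) {
	// … unchanged: log curl_error() …
} elseif ($status < 200 || $status >= 300) {
	$this->logger->error('User deletion webhook returned an error status', [
		'status' => $status,
	]);
} else {
	// … unchanged: success log …
}
```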
@@ -128,8 +127,7 @@ class BeforeUserDeletedListener implements IEventListener {
 return $aliasEntries;
 }
- private function triggerDeletionWebhook(string $oidcUid): void
- {
+ private function triggerDeletionWebhook(string $oidcUid): void {
 $webhookUrl = $this->config->getSystemValue('oidc_user_deleted_webhook', '');
 if ('' === trim($webhookUrl)) {
 return;
@@ -154,7 +152,7 @@ class BeforeUserDeletedListener implements IEventListener {
 $this->logger->error('Failed to call user deletion webhook', [
 'error' => curl_error($curl),
 ]);
- } else {c
+ } else {
 $this->logger->debug('User deletion webhook called successfully');
 }
 curl_close($curl);
-- GitLab
From 199ffbf900484892d91a947a02ac906b397ccf06 Mon Sep 17 00:00:00 2001
From: Alexandre R D'anzi
Date: Sat, 20 Dec 2025 01:27:33 +0100
Subject: [PATCH 3/5] using parameters directly
---
 lib/Listeners/BeforeUserDeletedListener.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/Listeners/BeforeUserDeletedListener.php b/lib/Listeners/BeforeUserDeletedListener.php
index cca1a319..263b51ff 100644
--- a/lib/Listeners/BeforeUserDeletedListener.php
+++ b/lib/Listeners/BeforeUserDeletedListener.php
@@ -54,8 +54,8 @@ class BeforeUserDeletedListener implements IEventListener {
 $oidcUid = $this->config->getUserValue(
 (string) $uid,
- Application::APP_ID,
- Application::OIDC_PROVIDER_UID_KEY
+ "oidc_login",
+ "oidc_uid"
 );
 if (!empty($oidcUid)) {
-- GitLab
From f57dde58a05ac1e8b0b83377340428fa11ad280e Mon Sep 17 00:00:00 2001
From: Alexandre R D'anzi
Date: Tue, 23 Dec 2025 16:22:28 +0100
Subject: [PATCH 4/5] change multiple names and logs
---
 lib/Listeners/BeforeUserDeletedListener.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/lib/Listeners/BeforeUserDeletedListener.php b/lib/Listeners/BeforeUserDeletedListener.php
index 263b51ff..44332405 100644
--- a/lib/Listeners/BeforeUserDeletedListener.php
+++ b/lib/Listeners/BeforeUserDeletedListener.php
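Review bot: The app id and key passed to `getUserValue()` in the "using parameters directly" hunk are now bare string literals, `"oidc_login"` and `"oidc_uid"`, which ties this listener to another app's stored user values without saying so anywhere. Declare them once, for example `private const OIDC_APP_ID = 'oidc_login';` and `private const OIDC_UID_KEY = 'oidc_uid';`, with a one-line comment naming the app that writes the value, so a rename on that side is easy to trace. If the key ever stops matching, the lookup returns empty and the vault deletion is skipped with only the "No ssoid" log line. The enclosing method starts and ends outside the hunk.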
@@ -52,6 +52,7 @@ class BeforeUserDeletedListener implements IEventListener {
 $this->logger->error('Error deleting mail folder for user '. $uid . ' :' . $e->getMessage());
 }
+ $this->logger->info('Deleting vault account of user '.$user);
 $oidcUid = $this->config->getUserValue(
 (string) $uid,
 "oidc_login",
@@ -59,9 +60,9 @@ class BeforeUserDeletedListener implements IEventListener {
 );
 if (!empty($oidcUid)) {
- $this->triggerDeletionWebhook($oidcUid);
+ $this->triggerVaultAccountDelete($oidcUid);
 } else {
- $this->logger->error('No ssoid for '.$user);
+ $this->logger->error('Error deleting vault account: No ssoid for '.$user);
 }
 try {
@@ -127,12 +128,12 @@ class BeforeUserDeletedListener implements IEventListener {
 return $aliasEntries;
 }
- private function triggerDeletionWebhook(string $oidcUid): void {
- $webhookUrl = $this->config->getSystemValue('oidc_user_deleted_webhook', '');
+ private function triggerVaultAccountDelete(string $oidcUid): void {
+ $webhookUrl = $this->config->getSystemValue('oidc_vault_account_delete', '');
 if ('' === trim($webhookUrl)) {
 return;
 }
- $token = $this->config->getSystemValue('oidc_user_deleted_token', '');
+ $token = $this->config->getSystemValue('oidc_vault_account_delete_token', '');
 if ('' === trim($token)) {
 return;
 }
@@ -149,11 +150,11 @@ class BeforeUserDeletedListener implements IEventListener {
 $response = curl_exec($curl);
 if (false === $response) {
- $this->logger->error('Failed to call vault account delete api', [
+ $this->logger->error('Failed to call vault account delete api', [
 'error' => curl_error($curl),
 ]);
 } else {
- $this->logger->debug('User deletion webhook called successfully');
+ $this->logger->info('Vault account delete successfully called');
 }
 curl_close($curl);
 }
-- GitLab
From 5331aedb04d44e7071bd324980a937f96c251de4 Mon Sep 17 00:00:00 2001
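Review bot: The new `info` line 'Deleting vault account of user' in the first hunk is written before anything has been checked, while `triggerVaultAccountDelete()` in the third hunk still returns without logging when `oidc_vault_account_delete` or `oidc_vault_account_delete_token` is empty. On an instance where either value is unset the log therefore records a vault deletion that was never attempted, and the vault account is left behind unnoticed. Log the skip in both early returns, for example `$this->logger->warning('Vault account delete skipped: oidc_vault_account_delete is not configured');`, and emit the info message only once the OIDC uid is known to be present. Both methods start and end outside these hunks.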
From: Alexandre R D'anzi
Date: Tue, 23 Dec 2025 16:25:40 +0100
Subject: [PATCH 5/5] adding configuration in readme
---
 README.md | 9 +++++++++
 lib/Listeners/BeforeUserDeletedListener.php | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 608c14de..ae3cbfe2 100644
--- a/README.md
+++ b/README.md
@@ -143,3 +143,12 @@ The values should be set as follows:
 - `occ config:system:set newsletter_list_ids eos --value=1234`: should be set to the list ID for the eOS newsletter
 - `occ config:system:set newsletter_list_ids product --value=1234 --type=integer` should be set to the list ID for the shop newsletter
 - `occ config:system:set newsletter_list_ids b2b --value=1234 --type=integer` should be set to the list ID for the B2B newsletter
+
+## Vault account delete configuration:
+
+Needs configuration variables to be set:
+
+```
+oidc_vault_account_delete_url=vault-full-url
+oidc_vault_account_delete_token=vault-token
+```
\ No newline at end of file
diff --git a/lib/Listeners/BeforeUserDeletedListener.php b/lib/Listeners/BeforeUserDeletedListener.php
index 44332405..96e0f2db 100644
--- a/lib/Listeners/BeforeUserDeletedListener.php
+++ b/lib/Listeners/BeforeUserDeletedListener.php
@@ -129,7 +129,7 @@ class BeforeUserDeletedListener implements IEventListener {
 }
 private function triggerVaultAccountDelete(string $oidcUid): void {
- $webhookUrl = $this->config->getSystemValue('oidc_vault_account_delete', '');
+ $webhookUrl = $this->config->getSystemValue('oidc_vault_account_delete_url', '');
 if ('' === trim($webhookUrl)) {
 return;
 }
-- GitLab