Delete all user group members if user is deleted (#2372)

* Delete all user group members if user is deleted Alternative Fix for issue 2398 TDD , test first * Fix and remove all entries for a given user id
cloudfoundry · Jun 22, 2023 · 862eb92 · 862eb92
1 parent 39d46b0
commit 862eb92
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpoints.java
@@ -306,7 +306,7 @@ public ScimUser deleteUser(@PathVariable String userId,
         int version = etag == null ? -1 : getVersion(userId, etag);
         ScimUser user = getUser(userId, httpServletResponse);
         throwWhenUserManagementIsDisallowed(user.getOrigin(), request);
-        membershipManager.removeMembersByMemberId(userId, user.getOrigin(), identityZoneManager.getCurrentIdentityZoneId());
+        membershipManager.removeMembersByMemberId(userId, identityZoneManager.getCurrentIdentityZoneId());
         scimUserProvisioning.delete(userId, version, identityZoneManager.getCurrentIdentityZoneId());
         scimDeletes.incrementAndGet();
         if (publisher != null) {

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java
@@ -462,6 +462,22 @@ void deleteIsAllowedWithCorrectVersionInEtag() {
                 new MockHttpServletRequest(), new MockHttpServletResponse());
     }
 
+    @Test
+    void deleteAllGroupMemberEntriesIfUserIsDeleted() {
+        ScimUser newUser = new ScimUser(null, "myuser", "given", "family");
+        newUser.addEmail("[email protected]");
+        newUser.setOrigin("testOrigin");
+        newUser = jdbcScimUserProvisioning.createUser(newUser, "exguyspassword", identityZone.getId());
+        ScimGroup g1 = new ScimGroup(null, "scimgroup", identityZone.getId());
+        g1 = jdbcScimGroupProvisioning.create(g1, identityZone.getId());
+        ScimGroupMember m1 = new ScimGroupMember(newUser.getId(), ScimGroupMember.Type.USER);
+        ScimGroupMember m2 = scimGroupMembershipManager.addMember(g1.getId(), m1, identityZone.getId());
+        assertEquals(1, scimGroupMembershipManager.getMembers(g1.getId(), false, identityZone.getId()).size());
+        scimUserEndpoints.deleteUser(newUser.getId(), Integer.toString(newUser.getMeta().getVersion()),
+            new MockHttpServletRequest(), new MockHttpServletResponse());
+        assertEquals(0, scimGroupMembershipManager.getMembers(g1.getId(), false, identityZone.getId()).size());
+    }
+
     @Test
     void deleteIsAllowedWithQuotedEtag() {
         ScimUser exGuy = new ScimUser(null, "deleteme", "Expendable", "Guy");