- Notifications
You must be signed in to change notification settings - Fork1k
feat: notify when a user account is deleted#14113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
8 commits Select commitHold shift + click to select a range
42f4bd7 sql
mtojek9c47637 WIP
mtojek4e787ec fix
mtojek15fec2b logic
mtojek37bbb41 tests
mtojek96fa649 Merge branch 'main' into 17-account-delete
mtojekac5a3e6 Fix migration numbers
mtojek085c5bf Danny's review
mtojekFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
1 change: 1 addition & 0 deletionscoderd/database/migrations/000236_notifications_user_deleted.down.sql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| DELETE FROM notification_templates WHERE id = 'f44d9314-ad03-4bc8-95d0-5cad491da6b6'; |
9 changes: 9 additions & 0 deletionscoderd/database/migrations/000236_notifications_user_deleted.up.sql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| INSERT INTO notification_templates (id, name, title_template, body_template, "group", actions) | ||
| VALUES ('f44d9314-ad03-4bc8-95d0-5cad491da6b6', 'User account deleted', E'User account "{{.Labels.deleted_account_name}}" deleted', | ||
| E'Hi {{.UserName}},\n\nUser account **{{.Labels.deleted_account_name}}** has been deleted.', | ||
| 'User Events', '[ | ||
| { | ||
| "label": "View accounts", | ||
| "url": "{{ base_url }}/deployment/users?filter=status%3Aactive" | ||
| } | ||
| ]'::jsonb); |
1 change: 1 addition & 0 deletionscoderd/notifications/events.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
57 changes: 43 additions & 14 deletionscoderd/users.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -567,6 +567,27 @@ func (api *API) deleteUser(rw http.ResponseWriter, r *http.Request) { | ||
| } | ||
| user.Deleted = true | ||
| aReq.New = user | ||
| userAdmins, err := findUserAdmins(ctx, api.Database) | ||
| if err != nil { | ||
| httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ | ||
| Message: "Internal error fetching user admins.", | ||
| Detail: err.Error(), | ||
| }) | ||
| return | ||
| } | ||
| for _, u := range userAdmins { | ||
| if _, err := api.NotificationsEnqueuer.Enqueue(ctx, u.ID, notifications.TemplateUserAccountDeleted, | ||
| map[string]string{ | ||
| "deleted_account_name": user.Username, | ||
| }, "api-users-delete", | ||
| user.ID, | ||
| ); err != nil { | ||
| api.Logger.Warn(ctx, "unable to notify about deleted user", slog.F("deleted_user", user.Username), slog.Error(err)) | ||
| } | ||
| } | ||
| rw.WriteHeader(http.StatusNoContent) | ||
| } | ||
| @@ -1287,23 +1308,12 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create | ||
| return user, req.OrganizationID, err | ||
| } | ||
| userAdmins, err := findUserAdmins(ctx, store) | ||
| if err != nil { | ||
| return user, req.OrganizationID, xerrors.Errorf("find user admins: %w", err) | ||
| } | ||
| for _, u := range userAdmins { | ||
| if _, err := api.NotificationsEnqueuer.Enqueue(ctx, u.ID, notifications.TemplateUserAccountCreated, | ||
| map[string]string{ | ||
| "created_account_name": user.Username, | ||
| @@ -1316,6 +1326,25 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create | ||
| return user, req.OrganizationID, err | ||
| } | ||
| // findUserAdmins fetches all users with user admin permission including owners. | ||
| func findUserAdmins(ctx context.Context, store database.Store) ([]database.GetUsersRow, error) { | ||
| // Notice: we can't scrape the user information in parallel as pq | ||
| // fails with: unexpected describe rows response: 'D' | ||
| owners, err := store.GetUsers(ctx, database.GetUsersParams{ | ||
| RbacRole: []string{codersdk.RoleOwner}, | ||
| }) | ||
| if err != nil { | ||
| return nil, xerrors.Errorf("get owners: %w", err) | ||
| } | ||
| userAdmins, err := store.GetUsers(ctx, database.GetUsersParams{ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Do we also need to include org user admins here? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Probably, I will leave it as a follow-up once the org part is final. Most likely we need to adjustcreate account logic too. | ||
| RbacRole: []string{codersdk.RoleUserAdmin}, | ||
| }) | ||
| if err != nil { | ||
| return nil, xerrors.Errorf("get user admins: %w", err) | ||
| } | ||
| return append(owners, userAdmins...), nil | ||
| } | ||
| func convertUsers(users []database.User, organizationIDsByUserID map[uuid.UUID][]uuid.UUID) []codersdk.User { | ||
| converted := make([]codersdk.User, 0, len(users)) | ||
| for _, u := range users { | ||
84 changes: 84 additions & 0 deletionscoderd/users_test.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -374,6 +374,90 @@ func TestDeleteUser(t *testing.T) { | ||
| }) | ||
| } | ||
| func TestNotifyDeletedUser(t *testing.T) { | ||
| t.Parallel() | ||
| t.Run("OwnerNotified", func(t *testing.T) { | ||
| t.Parallel() | ||
| // given | ||
| notifyEnq := &testutil.FakeNotificationsEnqueuer{} | ||
| adminClient := coderdtest.New(t, &coderdtest.Options{ | ||
| NotificationsEnqueuer: notifyEnq, | ||
| }) | ||
| firstUser := coderdtest.CreateFirstUser(t, adminClient) | ||
| ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) | ||
| defer cancel() | ||
| user, err := adminClient.CreateUser(ctx, codersdk.CreateUserRequest{ | ||
| OrganizationID: firstUser.OrganizationID, | ||
| Email: "another@user.org", | ||
| Username: "someone-else", | ||
| Password: "SomeSecurePassword!", | ||
| }) | ||
| require.NoError(t, err) | ||
| // when | ||
| err = adminClient.DeleteUser(context.Background(), user.ID) | ||
| require.NoError(t, err) | ||
| // then | ||
| require.Len(t, notifyEnq.Sent, 2) | ||
| // notifyEnq.Sent[0] is create account event | ||
| require.Equal(t, notifications.TemplateUserAccountDeleted, notifyEnq.Sent[1].TemplateID) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Should the owner receive an email for their own action? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. You can't delete your own account, so I believe there is no need to filter. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. What i mean is: if an owner initiated an event - they should probably not receive a notification about it because it's redundant. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. I understand that they won't receive as the API method will fail faster? seecode There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Oh.. you mean the owner of the action.. not the owner of the account. Interesting case, on the other hand, if somebody took over the account, notifications would work like auditing. | ||
| require.Equal(t, firstUser.UserID, notifyEnq.Sent[1].UserID) | ||
| require.Contains(t, notifyEnq.Sent[1].Targets, user.ID) | ||
| require.Equal(t, user.Username, notifyEnq.Sent[1].Labels["deleted_account_name"]) | ||
| }) | ||
| t.Run("UserAdminNotified", func(t *testing.T) { | ||
| t.Parallel() | ||
| // given | ||
| notifyEnq := &testutil.FakeNotificationsEnqueuer{} | ||
| adminClient := coderdtest.New(t, &coderdtest.Options{ | ||
| NotificationsEnqueuer: notifyEnq, | ||
| }) | ||
| firstUser := coderdtest.CreateFirstUser(t, adminClient) | ||
| ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) | ||
| defer cancel() | ||
| _, userAdmin := coderdtest.CreateAnotherUser(t, adminClient, firstUser.OrganizationID, rbac.RoleUserAdmin()) | ||
| member, err := adminClient.CreateUser(ctx, codersdk.CreateUserRequest{ | ||
| OrganizationID: firstUser.OrganizationID, | ||
| Email: "another@user.org", | ||
| Username: "someone-else", | ||
| Password: "SomeSecurePassword!", | ||
| }) | ||
| require.NoError(t, err) | ||
| // when | ||
| err = adminClient.DeleteUser(context.Background(), member.ID) | ||
| require.NoError(t, err) | ||
| // then | ||
| require.Len(t, notifyEnq.Sent, 5) | ||
| // notifyEnq.Sent[0]: "User admin" account created, "owner" notified | ||
| // notifyEnq.Sent[1]: "Member" account created, "owner" notified | ||
| // notifyEnq.Sent[2]: "Member" account created, "user admin" notified | ||
| // "Member" account deleted, "owner" notified | ||
| require.Equal(t, notifications.TemplateUserAccountDeleted, notifyEnq.Sent[3].TemplateID) | ||
| require.Equal(t, firstUser.UserID, notifyEnq.Sent[3].UserID) | ||
| require.Contains(t, notifyEnq.Sent[3].Targets, member.ID) | ||
| require.Equal(t, member.Username, notifyEnq.Sent[3].Labels["deleted_account_name"]) | ||
| // "Member" account deleted, "user admin" notified | ||
| require.Equal(t, notifications.TemplateUserAccountDeleted, notifyEnq.Sent[4].TemplateID) | ||
| require.Equal(t, userAdmin.ID, notifyEnq.Sent[4].UserID) | ||
| require.Contains(t, notifyEnq.Sent[4].Targets, member.ID) | ||
| require.Equal(t, member.Username, notifyEnq.Sent[4].Labels["deleted_account_name"]) | ||
| }) | ||
| } | ||
| func TestPostLogout(t *testing.T) { | ||
| t.Parallel() | ||
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.