feat(crl): revoke certificates when user account is deleted

Add certificate revocation to UserDeleted background job using
CRLReason::CESSATION_OF_OPERATION when a user account is deleted.

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Vitor Mattos 2025-11-27 16:00:48 -03:00
parent e5bc3bcb10
commit 9abf107b8e


@ -11,6 +11,8 @@ namespace OCA\Libresign\BackgroundJob;
use OCA\Libresign\Db\FileMapper;
use OCA\Libresign\Db\IdentifyMethodMapper;
use OCA\Libresign\Db\UserElementMapper;
use OCA\Libresign\Enum\CRLReason;
use OCA\Libresign\Service\CrlService;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\BackgroundJob\QueuedJob;
@ -21,6 +23,7 @@ class UserDeleted extends QueuedJob {
protected FileMapper $fileMapper,
protected IdentifyMethodMapper $identifyMethodMapper,
protected UserElementMapper $userElementMapper,
protected CrlService $crlService,
protected ITimeFactory $time,
protected LoggerInterface $logger,
) {
@ -40,6 +43,35 @@ class UserDeleted extends QueuedJob {
$this->logger->info('Neutralizing data for deleted user {user}', [
'user' => $userId
]);
$this->revokeCertificates($userId);
$this->neutralizeUserData($userId, $displayName);
}
private function revokeCertificates(string $userId): void {
try {
$revokedCount = $this->crlService->revokeUserCertificates(
$userId,
CRLReason::CESSATION_OF_OPERATION,
'User account deleted',
'system'
);
if ($revokedCount > 0) {
$this->logger->info('Revoked {count} certificate(s) for deleted user {user}', [
'count' => $revokedCount,
'user' => $userId
]);
}
} catch (\Exception $e) {
$this->logger->error('Failed to revoke certificates for deleted user {user}: {error}', [
'user' => $userId,
'error' => $e->getMessage()
]);
}
}
private function neutralizeUserData(string $userId, string $displayName): void {
$this->fileMapper->neutralizeDeletedUser($userId, $displayName);
$this->identifyMethodMapper->neutralizeDeletedUser($userId, $displayName);
$this->userElementMapper->neutralizeDeletedUser($userId, $displayName);
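Review bot: In `revokeCertificates` the `catch (\Exception $e)` branch only logs the message and returns, so `run()` goes on to `neutralizeUserData` and the job completes normally even when the user's certificates were not revoked and remain valid; if that is the intended best-effort behaviour it should be stated in a comment on the method, and if not the failure should surface so it is not lost. At minimum pass the exception object through the logger context so the stack trace is kept, e.g. `'exception' => $e,` next to the `'error'` key, and consider `\Throwable` so an `\Error` raised by the service is handled the same way. The reason and actor arguments `'User account deleted', 'system'` are positional opaque strings; named arguments (`reason: ...`, `actor: ...`, using whatever `revokeUserCertificates` actually declares) would make the call self-describing. `revokeCertificates` is complete within the hunk, while `neutralizeUserData` and the class continue past its end.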