Skip to content

feat(gdpr) deactivate users + Store last cnx timestamp #2136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 14, 2022
Merged

feat(gdpr) deactivate users + Store last cnx timestamp #2136

merged 1 commit into from
Feb 14, 2022

Conversation

NicolasToussaint
Copy link
Member

There are two GDPR related features in this PR:

Description

Deactivate users:
New user status to prevent users from logging in (or using existing tokens) without removing the account altogether.
This is handy to block account left unused for a long time, or block users (for ex. because they left the company) while keeping decision history as it is.
If user is logged in wile being deactivated, s·he is not kicked out

Store the "last connection date" for each user as a timestamp in the database
This is necessary to detect accounts left unused for some time. As simple SQL script can then list all users who have not connected for 6 months for example.

Future features

  • Another anonymized user status might be handy to keep the users in the database while allowing the removal of their private data (username & email address)
  • automate the deactivation of users who have not logged in for a configurable time

Changes

  • Two new columns in the users database table
  • changes in the authentication code
  • changed in the user edition page

How to test

Create user test_a

No last_connection is stored, default status is active

fossology=# select user_pk,user_name,last_connection,user_status from users;
 user_pk |  user_name   |        last_connection        | user_status
---------+--------------+-------------------------------+-------------
       2 | Default User |                               | active
       3 | fossy        | 2021-12-29 14:05:56.671283+00 | active
       4 | test_a       |                               | active
(3 rows)

Generate a token and test REST API access:

$ curl --cacert ./ca-certificates.crt -s -S -H "Authorization:Bearer $FOSSOLOGY_TOKEN" -X GET  "$FOSSOLOGY_URL/folders"
[{"id":1,"name":"Software Repository","description":"Top Folder","parent":null}]%

Log in with user test_a

Its last_connection is updated

fossology=# select user_pk,user_name,last_connection,user_status from users;
 user_pk |  user_name   |        last_connection        | user_status
---------+--------------+-------------------------------+-------------
       2 | Default User |                               | active
       3 | fossy        | 2021-12-29 14:05:56.671283+00 | active
       4 | test_a       | 2021-12-29 14:08:02.522877+00 | active
(3 rows)

Log out and back in with fossy

The last_connection is updated

fossology=# select user_pk,user_name,last_connection,user_status from users;
 user_pk |  user_name   |        last_connection        | user_status
---------+--------------+-------------------------------+-------------
       2 | Default User |                               | active
       4 | test_a       | 2021-12-29 14:08:02.522877+00 | active
       3 | fossy        | 2021-12-29 14:08:21.474793+00 | active
(3 rows)

Deactivate user

image

Database is updated:

fossology=# select user_pk,user_name,last_connection,user_status from users;
 user_pk |  user_name   |        last_connection        | user_status
---------+--------------+-------------------------------+-------------
       2 | Default User |                               | active
       3 | fossy        | 2021-12-29 14:08:21.474793+00 | active
       4 | test_a       | 2021-12-29 14:08:02.522877+00 | inactive
(3 rows)

Check user cannot log back in & use token

image

curl --cacert ./ca-certificates.crt -s -S -H "Authorization:Bearer $FOSSOLOGY_TOKEN" -X GET  "$FOSSOLOGY_URL/folders"
{"code":403,"message":"User inactive.","type":"ERROR"}%

@github-actions github-actions bot added the has merge conflicts PR to be rebased label Jan 7, 2022
@github-actions
Copy link

github-actions bot commented Jan 7, 2022

This pull request has conflicts, please rebase with master to resolve those before we can evaluate the pull request.

@GMishx
Copy link
Member

GMishx commented Jan 27, 2022

Hello @NicolasToussaint , looks like by mistake some of the branch's changes are already merged on master by commit a07ccd9

However, can you please rebase your branch so we can quickly review and merge it properly as a PR?

@GMishx GMishx added this to the 4.1.0 milestone Feb 3, 2022
@shaheemazmalmmd shaheemazmalmmd force-pushed the feat/deactivate-users_last-cnx-date2 branch from 890301b to c3f9d34 Compare February 11, 2022 08:47
@shaheemazmalmmd shaheemazmalmmd removed the has merge conflicts PR to be rebased label Feb 11, 2022
@shaheemazmalmmd shaheemazmalmmd force-pushed the feat/deactivate-users_last-cnx-date2 branch from c3f9d34 to d980419 Compare February 14, 2022 06:38
@shaheemazmalmmd shaheemazmalmmd merged commit f62a32b into master Feb 14, 2022
@shaheemazmalmmd shaheemazmalmmd deleted the feat/deactivate-users_last-cnx-date2 branch February 14, 2022 08:30
@NicolasToussaint
Copy link
Member Author

Oh, sorry for not being faster, and thanks @shaheemazmalmmd for merging this PR !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs code review needs test

Projects

None yet

Milestone

4.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@NicolasToussaint @GMishx @shaheemazmalmmd