Plugin: Azure: Add option to deactivate non-existing users in Azure when running sync_users script - refs BT#21930

Author: AngelFQC

plugin/azure_active_directory/lang/dutch.php

@@ -44,3 +44,5 @@
 $strings['additional_interaction_required'] = 'Er is aanvullende interactie vereist om u te authenticeren. Log rechtstreeks in via <a href="https://login.microsoftonline.com" target="_blank">uw authenticatiesysteem</a> en kom dan terug naar deze pagina om in te loggen.';
 $strings['tenant_id'] = 'Mandanten-ID';
 $strings['tenant_id_help'] = 'Required to run scripts.';
+$strings['deactivate_nonexisting_users'] = 'Deactivate non-existing users';
+$strings['deactivate_nonexisting_users_help'] = 'Compare registered users in Chamilo with those in Azure and deactivate accounts in Chamilo that do not exist in Azure.';

plugin/azure_active_directory/lang/english.php

@@ -44,3 +44,5 @@
 $strings['additional_interaction_required'] = 'Some additional interaction is required to authenticate you. Please login directly through <a href="https://login.microsoftonline.com" target="_blank">your authentication system</a>, then come back to this page to login.';
 $strings['tenant_id'] = 'Tenant ID';
 $strings['tenant_id_help'] = 'Required to run scripts.';
+$strings['deactivate_nonexisting_users'] = 'Deactivate non-existing users';
+$strings['deactivate_nonexisting_users_help'] = 'Compare registered users in Chamilo with those in Azure and deactivate accounts in Chamilo that do not exist in Azure.';

plugin/azure_active_directory/lang/french.php

@@ -44,3 +44,5 @@
 $strings['additional_interaction_required'] = 'Une interaction supplémentaire est nécessaire pour vous authentifier. Veuillez vous connecter directement auprès de <a href="https://login.microsoftonline.com" target="_blank">votre système d\'authentification</a>, puis revenir ici pour vous connecter.';
 $strings['tenant_id'] = 'ID du client';
 $strings['tenant_id_help'] = 'Nécessaire pour exécuter des scripts.';
+$strings['deactivate_nonexisting_users'] = 'Deactivate non-existing users';
+$strings['deactivate_nonexisting_users_help'] = 'Compare registered users in Chamilo with those in Azure and deactivate accounts in Chamilo that do not exist in Azure.';

plugin/azure_active_directory/lang/spanish.php

@@ -44,3 +44,5 @@
 $strings['additional_interaction_required'] = 'Alguna interacción adicional es necesaria para identificarlo/a. Por favor conéctese primero a través de su <a href="https://login.microsoftonline.com" target="_blank">sistema de autenticación</a>, luego regrese aquí para logearse.';
 $strings['tenant_id'] = 'Id. del inquilino';
 $strings['tenant_id_help'] = 'Necesario para ejecutar scripts.';
+$strings['deactivate_nonexisting_users'] = 'Desactivar usuarios no existentes';
+$strings['deactivate_nonexisting_users_help'] = 'Compara los usuarios registrados en Chamilo con los de Azure y desactiva las cuentas en Chamilo que no existan en Azure.';

plugin/azure_active_directory/src/AzureActiveDirectory.php

@@ -27,6 +27,7 @@ class AzureActiveDirectory extends Plugin
     public const SETTING_GROUP_ID_TEACHER = 'group_id_teacher';
     public const SETTING_EXISTING_USER_VERIFICATION_ORDER = 'existing_user_verification_order';
     public const SETTING_TENANT_ID = 'tenant_id';
+    public const SETTING_DEACTIVATE_NONEXISTING_USERS = 'deactivate_nonexisting_users';
 
     public const URL_TYPE_AUTHORIZE = 'login';
     public const URL_TYPE_LOGOUT = 'logout';
@@ -55,6 +56,7 @@ protected function __construct()
             self::SETTING_GROUP_ID_TEACHER => 'text',
             self::SETTING_EXISTING_USER_VERIFICATION_ORDER => 'text',
             self::SETTING_TENANT_ID => 'text',
+            self::SETTING_DEACTIVATE_NONEXISTING_USERS => 'boolean',
         ];
 
         parent::__construct('2.3', 'Angel Fernando Quiroz Campos, Yannick Warnier', $settings);

plugin/azure_active_directory/src/scripts/sync_users.php

@@ -46,6 +46,8 @@
 
 printf("%s - Number of users obtained %d".PHP_EOL, time(), count($azureUsersInfo));
 
+$existingUsers = [];
+
 /** @var array $user */
 foreach ($azureUsersInfo as $azureUserInfo) {
     try {
@@ -58,6 +60,8 @@
             'id'
         );
 
+        $existingUsers[] = $userId;
+
         $userInfo = api_get_user_info($userId);
 
         printf("%s - UserInfo %s".PHP_EOL, time(), serialize($userInfo));
@@ -67,3 +71,25 @@
         continue;
     }
 }
+
+if ('true' === $plugin->get(AzureActiveDirectory::SETTING_DEACTIVATE_NONEXISTING_USERS)) {
+    echo '----------------'.PHP_EOL;
+    printf('Trying deactivate non-existing users in Azure.'.PHP_EOL, time());
+
+    $users = UserManager::getRepository()->findByAuthSource('azure');
+    $userIdList = array_map(
+        function ($user) {
+            return $user->getId();
+        },
+        $users
+    );
+
+    $nonExistingUsers = array_diff($userIdList, $existingUsers);
+
+    UserManager::deactivate_users($nonExistingUsers);
+    printf(
+        "%d - Deactivated users IDs: %s".PHP_EOL,
+        time(),
+        implode(', ', $nonExistingUsers)
+    );
+}

src/Chamilo/UserBundle/Repository/UserRepository.php

@@ -1382,4 +1382,9 @@ public function getLastLogin(User $user)
             ->getQuery()
             ->getOneOrNullResult();
     }
+
+    public function findByAuthSource(string $authSource): array
+    {
+        return $this->findBy(['authSource' => $authSource]);
+    }
 }