Merge pull request #1877 from betagouv/feat/1823-auto-warn-delete-accounts

#1823 suppression automatique des comptes inactifs et avertissements

Author: alice-telescoop

recoco/apps/communication/constants.py

@@ -12,6 +12,8 @@
 TPL_ADVISOR_ACCESS_REQUEST_ACCEPTED = "advisor_access_request_accepted"
 TPL_ADVISOR_ACCESS_REQUEST_REFUSED = "advisor_access_request_refused"
 TPL_MESSAGES_DIGEST = "messages_digest"
+TPL_RGDP_DELETION_FIRST_WARNING = "rgpd_deletion_first_warning"
+TPL_RGDP_DELETION_SECOND_WARNING = "rgpd_deletion_second_warning"
 
 TPL_CHOICES = (
     (TPL_PROJECT_RECEIVED, "Dossier bien reçu"),
@@ -34,4 +36,12 @@
     (TPL_ADVISOR_ACCESS_REQUEST_ACCEPTED, "Demande d'accès conseillers acceptée"),
     (TPL_ADVISOR_ACCESS_REQUEST_REFUSED, "Demande d'accès conseillers refusée"),
     (TPL_MESSAGES_DIGEST, "Résumé des messages reçus (nouvelle conv')"),
+    (
+        TPL_RGDP_DELETION_FIRST_WARNING,
+        "Premier avertissement avant suppression pour inactivité",
+    ),
+    (
+        TPL_RGDP_DELETION_SECOND_WARNING,
+        "Second et dernier avertissement avant suppression pour inactivité",
+    ),
 )

recoco/apps/crm/templates/crm/user_details.html

@@ -116,11 +116,13 @@ <h5 class="d-flex align-items-center fr-mb-0">
                             </div>
                         </div>
                         <div class="d-flex align-items-end flex-column">
-                            <div class="btn-group btn-group-sm">
-                                <a href="{% url 'crm-user-update' crm_user.pk %}"
-                                   class="btn btn-outline-secondary"
-                                   aria-current="page">Gérer l'utilisateur·rice</a>
-                            </div>
+                            {% if not crm_user.profile.deleted %}
+                                <div class="btn-group btn-group-sm">
+                                    <a href="{% url 'crm-user-update' crm_user.pk %}"
+                                       class="btn btn-outline-secondary"
+                                       aria-current="page">Gérer l'utilisateur·rice</a>
+                                </div>
+                            {% endif %}
                             <div class="d-flex align-items-center">
                                 <svg class="bi" width="16" height="16" fill="currentColor">
                                     <use xlink:href="{% static 'svg/bootstrap-icons.svg'  %}#bell-fill" />
@@ -166,6 +168,7 @@ <h5 class="d-flex align-items-center fr-mb-0">
                     </div>
                 </div>
                 {% if not crm_user.is_active %}
+                  {% if crm_user.profile.disabled %}
                     <div class="alert alert-danger fr-mt-3w" role="alert">
                         <span>Ce compte a été suspendu. Ceci signifie que la personne ne
                             peut plus se connecter à {{ request.site.name }}.
@@ -177,6 +180,13 @@ <h5 class="d-flex align-items-center fr-mb-0">
                             </form>
                         </div>
                     </div>
+                    {% else %}
+                    <div class="alert alert-danger fr-mt-3w" role="alert">
+                        <span>Ce compte a été supprimé. Ceci signifie que la personne ne
+                            peut plus se connecter à {{ request.site.name }}.
+                        </div>
+                    </div>
+                    {% endif %}
                 {% endif %}
                 {% if crm_user.profile.organization %}
                     <div class="d-flex justify-content-between align-items-start">
@@ -190,16 +200,18 @@ <h5 class="d-flex align-items-center fr-mb-0">
                     </div>
                 {% endif %}
             </div>
-            <div class="fr-px-3w fr-pt-3w crm-notes-wrapper relative">
-                <a class="btn btn-primary fr-mb-3w"
-                   href="{% url 'crm-user-note-create' crm_user.pk %}">créer une note</a>
-                {% for note in sticky_notes.all %}
-                    {% include "crm/note.html" with pinned=True %}
-                {% endfor %}
-                {% for note in notes.all %}
-                    {% include "crm/note.html" %}
-                {% endfor %}
-            </div>
+            {% if not crm_user.profile.deleted %}
+                <div class="fr-px-3w fr-pt-3w crm-notes-wrapper relative">
+                    <a class="btn btn-primary fr-mb-3w"
+                       href="{% url 'crm-user-note-create' crm_user.pk %}">créer une note</a>
+                    {% for note in sticky_notes.all %}
+                        {% include "crm/note.html" with pinned=True %}
+                    {% endfor %}
+                    {% for note in notes.all %}
+                        {% include "crm/note.html" %}
+                    {% endfor %}
+                </div>
+            {% endif %}
             <div class="fr-px-3w fr-pt-3w bg-light crm-timeline-min-height">
                 <h4>Activité</h4>
                 {% include "crm/timeline.html" %}

recoco/apps/crm/templates/crm/user_update.html

@@ -25,6 +25,10 @@ <h3>Gérer le compte « {{ crm_user.username }} »</h3>
                         <a href="{% url 'crm-user-deactivate' crm_user.pk %}"
                            class="btn btn-danger">Suspendre ce compte</a>
                     </div>
+                {% elif crm_user.profile.deleted %}
+                    <div class="alert alert-danger" role="alert">
+                        Ce compte a été supprimé. Ceci signifie que la personne ne peut plus se connecter à {{ request.site.name }}.
+                    </div>
                 {% else %}
                     <div class="alert alert-danger" role="alert">
                         Ce compte a été suspendu. Ceci signifie que la personne ne peut plus se connecter à {{ request.site.name }}.

recoco/apps/crm/tests/test_user.py

@@ -1,3 +1,5 @@
+from datetime import datetime
+
 import django.core.mail
 import pytest
 from allauth.account.models import EmailAddress
@@ -410,6 +412,51 @@ def test_crm_user_update_profile_information_and_email_address(request, client):
     assert "Confirmez votre adresse email" in django.core.mail.outbox[0].subject
 
 
+@pytest.mark.django_db
+def test_crm_user_update_cant_update_disabled_user(request, client):
+    site = get_current_site(request)
+
+    organization = baker.make(addressbook_models.Organization)
+
+    end_user = baker.make(auth_models.User, is_active=False)
+    end_user.profile.sites.add(site)
+    profile = end_user.profile
+    profile.deleted = datetime(2022, 12, 12)
+    profile.save()
+
+    url = reverse("crm-user-update", args=[end_user.id])
+    data = {
+        "username": "johndoe@example.org",
+        "first_name": "John",
+        "last_name": "DOE",
+        "phone_no": "01 23 45 67 89",
+        "organization": organization.id,
+        "organization_position": "staff",
+    }
+
+    with login(client) as user:
+        assign_perm("use_crm", user, site)
+        client.post(url, data=data)
+
+    # user data is updated
+    end_user.refresh_from_db()
+
+    assert end_user.username != data["username"]
+    assert end_user.email != data["username"]
+    assert end_user.first_name != data["first_name"]
+    assert end_user.last_name != data["last_name"]
+
+    # profile is updated
+    profile.refresh_from_db()
+
+    assert profile.phone_no != data["phone_no"]
+    assert profile.organization != organization
+    assert profile.organization_position != data["organization_position"]
+
+    # the confirmation email has been sent
+    assert len(django.core.mail.outbox) == 0
+
+
 @pytest.mark.django_db
 def test_crm_user_update_profile_information_with_email_address_exists(request, client):
     site = get_current_site(request)
@@ -569,7 +616,8 @@ def test_crm_user_deactivate_processing(request, client):
     # user data is updated
     end_user.refresh_from_db()
     assert end_user.is_active is False
-    assert end_user.profile.deleted is not None
+    assert end_user.profile.deleted is None
+    assert end_user.profile.disabled is not None
 
 
 ########################################################################
@@ -623,7 +671,35 @@ def test_crm_user_reactivate_processing(request, client):
     # user data is updated
     end_user.refresh_from_db()
     assert end_user.is_active is True
-    assert end_user.profile.deleted is None
+    assert end_user.profile.disabled is None
+
+
+@pytest.mark.django_db
+def test_crm_user_reactivate_only_active(request, client):
+    site = get_current_site(request)
+
+    disabled = datetime(2025, 9, 12)
+    deleted = datetime(2026, 1, 16)
+
+    end_user = baker.make(auth_models.User, is_active=False)
+    end_user.profile.sites.add(site)
+    end_user.profile.disabled = disabled
+    end_user.profile.deleted = deleted
+    end_user.profile.save()
+
+    url = reverse("crm-user-reactivate", args=[end_user.id])
+
+    with login(client) as user:
+        assign_perm("use_crm", user, site)
+        response = client.post(url)
+
+    assert response.status_code == 400
+
+    # user data is updated
+    end_user.refresh_from_db()
+    assert end_user.is_active is False
+    assert end_user.profile.disabled is not None
+    assert end_user.profile.deleted is not None
 
 
 ########################################################################

recoco/apps/crm/views.py

@@ -29,6 +29,7 @@
 from django.contrib.syndication.views import Feed
 from django.core.cache import cache
 from django.core.cache.utils import make_template_fragment_key
+from django.core.exceptions import BadRequest
 from django.db import transaction
 from django.db.models import (
     Count,
@@ -74,6 +75,7 @@
     make_group_name_for_site,
 )
 
+from ..home.utils import deactivate_user, reactivate_user
 from . import filters, forms, models
 from .forms import SiteConfigurationForm
 
@@ -464,9 +466,9 @@ def user_list(request):
     # filtered users
     users = filters.UserFilter(
         request.GET,
-        queryset=User.objects.filter(profile__sites=request.site).prefetch_related(
-            "profile__organization"
-        ),
+        queryset=User.objects.filter(
+            profile__sites=request.site, profile__deleted__isnull=True
+        ).prefetch_related("profile__organization"),
     )
 
     # required by default on crm
@@ -488,6 +490,8 @@ def user_update(request, user_id=None):
     if request.method == "POST":
         form = forms.CRMProfileForm(request.POST, instance=profile)
         if form.is_valid():
+            if crm_user.profile.deleted:
+                form.add_error(None, "Cannot update a deleted user")
             with transaction.atomic():
                 username = form.cleaned_data.get("username")
                 email_changed = username != crm_user.username
@@ -566,11 +570,7 @@ def user_deactivate(request, user_id=None):
     crm_user = get_object_or_404(User, pk=user_id, profile__sites=request.site)
 
     if request.method == "POST":
-        crm_user.is_active = False
-        crm_user.save()
-        profile = crm_user.profile
-        profile.deleted = timezone.now()
-        profile.save()
+        deactivate_user(crm_user)
         return redirect(reverse("crm-user-details", args=[crm_user.id]))
 
     # required by default on crm
@@ -586,11 +586,9 @@ def user_reactivate(request, user_id=None):
     crm_user = get_object_or_404(User, pk=user_id, profile__sites=request.site)
 
     if request.method == "POST":
-        crm_user.is_active = True
-        crm_user.save()
-        profile = crm_user.profile
-        profile.deleted = None
-        profile.save()
+        if crm_user.profile.deleted:
+            raise BadRequest("Cannot reactivate a deleted user")
+        reactivate_user(crm_user)
         return redirect(reverse("crm-user-details", args=[crm_user.id]))
 
     # required by default on crm

recoco/apps/home/management/commands/warn_delete_users.py

@@ -0,0 +1,86 @@
+from datetime import timedelta
+
+from django.core.management import BaseCommand
+from django.utils import timezone
+from tqdm import tqdm
+
+from recoco.apps.home.models import UserProfile
+from recoco.apps.home.utils import (
+    DELETION_ABSENT_FOR_DAYS,
+    FIRST_WARNING_DAYS_BEFORE,
+    SECOND_WARNING_DAYS_BEFORE,
+    delete_user,
+    send_deletion_warning_to_profiles,
+)
+
+
+class Command(BaseCommand):
+    help = "Warn and delete users that have been absent for too long"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "-d", "--dry-run", action="store_true", help="Do not actually send stuff"
+        )
+
+    def warn_and_delete(self, dry_run):
+        now = timezone.now()
+        so_long = now - timedelta(days=DELETION_ABSENT_FOR_DAYS)
+        since_second_warning = now - timedelta(days=SECOND_WARNING_DAYS_BEFORE)
+        since_first_warning = now - timedelta(
+            days=FIRST_WARNING_DAYS_BEFORE - SECOND_WARNING_DAYS_BEFORE
+        )
+
+        not_deleted_profiles = UserProfile.all.filter(
+            deleted=None
+        )  # we keep disabled users
+
+        # resets warning of users who used the platform lately
+        not_deleted_profiles.filter(
+            previous_activity_at__gte=since_second_warning, nb_deletion_warnings__gt=0
+        ).update(nb_deletion_warnings=0, previous_deletion_warning_at=None)
+
+        # first warning
+        to_first_warn_profiles = not_deleted_profiles.filter(
+            previous_activity_at__lt=so_long, nb_deletion_warnings=0
+        )
+        self.stdout.write(
+            f"Warning {to_first_warn_profiles.count()} users for the first time"
+        )
+        if dry_run:
+            self.stdout.write("dry run: no email sent")
+        else:
+            send_deletion_warning_to_profiles(to_first_warn_profiles, 1)
+            to_first_warn_profiles.update(
+                nb_deletion_warnings=1, previous_deletion_warning_at=timezone.now()
+            )
+
+        # second warning
+        to_second_warn_profiles = not_deleted_profiles.filter(
+            previous_deletion_warning_at__lt=since_first_warning, nb_deletion_warnings=1
+        )
+        self.stdout.write(
+            f"Warning {to_second_warn_profiles.count()} users for the second time"
+        )
+        if dry_run:
+            self.stdout.write("dry run: no email sent")
+        else:
+            send_deletion_warning_to_profiles(to_second_warn_profiles, 2)
+            to_second_warn_profiles.update(
+                nb_deletion_warnings=2, previous_deletion_warning_at=timezone.now()
+            )
+
+        # actual deletion
+        to_delete = not_deleted_profiles.filter(
+            previous_deletion_warning_at__lt=since_second_warning,
+            nb_deletion_warnings=2,
+        )
+        self.stdout.write(f"Deleting {to_delete.count()} users")
+        if dry_run:
+            self.stdout.write("dry run: no account deleted")
+        else:
+            for profile in tqdm(to_delete):
+                delete_user(profile.user)
+
+    def handle(self, *args, **options):
+        dry_run = options["dry_run"]
+        self.warn_and_delete(dry_run)

recoco/apps/home/middlewares.py

@@ -1,5 +1,9 @@
+from datetime import timedelta
+
+import sentry_sdk
 from django.core.exceptions import ImproperlyConfigured
 from django.http import HttpRequest
+from django.utils import timezone
 
 from recoco.apps.home.models import SiteConfiguration
 
@@ -25,3 +29,27 @@ def __call__(self, request: HttpRequest):
         )
 
         return self.get_response(request)
+
+
+class PreviousActivityMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request: HttpRequest):
+        now = timezone.now()
+        if (
+            request.user.is_authenticated
+            and not request.user.is_hijacked
+            and (
+                request.user.profile.previous_activity_at is None
+                or request.user.profile.previous_activity_at < now + timedelta(days=1)
+            )
+        ):
+            try:
+                request.user.profile.previous_activity_at = now
+                request.user.profile.previous_activity_site = request.site
+                request.user.profile.save()
+            except Exception as e:
+                sentry_sdk.capture_exception(e)
+
+        return self.get_response(request)