feat(go): sync user account status from idp;

pro/auth/sync.go

@@ -60,17 +60,22 @@ func SyncUsers() error {
 		idpUsersMap[user.ID] = struct{}{}
 	}
 
-	dbUsersMap := make(map[string]struct{})
+	dbUsersMap := make(map[string]models.User)
 	for _, user := range dbUsers {
-		dbUsersMap[user.UserName] = struct{}{}
+		// ignore internal users.
+		if user.ExternalIdentityProviderID != "" {
+			dbUsersMap[user.ExternalIdentityProviderID] = user
+		}
 	}
 
 	for _, user := range idpUsers {
-		if _, ok := dbUsersMap[user.Username]; !ok {
+		dbUser, ok := dbUsersMap[user.ID]
+		if !ok {
 			// create the user only if it doesn't exist.
 			err = logic.CreateUser(&models.User{
 				UserName:                   user.Username,
 				ExternalIdentityProviderID: user.ID,
+				AccountDisabled:            user.AccountDisabled,
 				Password:                   password,
 				AuthType:                   models.OAuth,
 				PlatformRoleID:             models.PlatformUser,
@@ -78,14 +83,10 @@ func SyncUsers() error {
 			if err != nil {
 				return err
 			}
-		}
-	}
-
-	for _, user := range dbUsers {
-		if user.ExternalIdentityProviderID != "" {
-			if _, ok := idpUsersMap[user.ExternalIdentityProviderID]; !ok {
-				// delete the user if it has been deleted on idp.
-				_, err = logic.DeleteUser(user.UserName)
+		} else {
+			if dbUser.AccountDisabled != user.AccountDisabled {
+				dbUser.AccountDisabled = user.AccountDisabled
+				err = logic.UpsertUser(dbUser)
 				if err != nil {
 					return err
 				}
@@ -93,6 +94,16 @@ func SyncUsers() error {
 		}
 	}
 
+	for _, user := range dbUsersMap {
+		if _, ok := idpUsersMap[user.ExternalIdentityProviderID]; !ok {
+			// delete the user if it has been deleted on idp.
+			_, err = logic.DeleteUser(user.UserName)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	return nil
 }
 

pro/idp/azure/azure.go

@@ -36,7 +36,7 @@ func NewAzureEntraIDClient() (*Client, error) {
 func (a *Client) GetUsers() ([]idp.User, error) {
 	resp, err := a.client.Users().Get(context.TODO(), &msgraphusers.UsersRequestBuilderGetRequestConfiguration{
 		QueryParameters: &msgraphusers.UsersRequestBuilderGetQueryParameters{
-			Select: []string{"id", "userPrincipalName"},
+			Select: []string{"id", "userPrincipalName", "accountEnabled"},
 		},
 	})
 	if err != nil {
@@ -48,8 +48,9 @@ func (a *Client) GetUsers() ([]idp.User, error) {
 	retval := make([]idp.User, len(users))
 	for i, user := range users {
 		retval[i] = idp.User{
-			ID:       *user.GetId(),
-			Username: *user.GetUserPrincipalName(),
+			ID:              *user.GetId(),
+			Username:        *user.GetUserPrincipalName(),
+			AccountDisabled: !*user.GetAccountEnabled(),
 		}
 	}
 

pro/idp/idp.go

@@ -6,8 +6,9 @@ type Client interface {
 }
 
 type User struct {
-	ID       string
-	Username string
+	ID              string
+	Username        string
+	AccountDisabled bool
 }
 
 type Group struct {