Add account deletion endpoint (#1331)

Adding support to account owners to delete an account This will remove all users from local, and if --user-delete-from-idp is set it will remove from the remote IDP
2025-08-09 15:25:20 +02:00 · 2023-11-28 14:23:38 +01:00
parent dc05102b8f
commit c2eaf8a1c0
12 changed files with 342 additions and 7 deletions
--- a/management/server/file_store.go
+++ b/management/server/file_store.go
@ -351,6 +351,41 @@ func (s *FileStore) SaveAccount(account *Account) error {
 	return s.persist(s.storeFile)
 }

+func (s *FileStore) DeleteAccount(account *Account) error {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+
+	if account.Id == "" {
+		return status.Errorf(status.InvalidArgument, "account id should not be empty")
+	}
+
+	for keyID := range account.SetupKeys {
+		delete(s.SetupKeyID2AccountID, strings.ToUpper(keyID))
+	}
+
+	// enforce peer to account index and delete peer to route indexes for rebuild
+	for _, peer := range account.Peers {
+		delete(s.PeerKeyID2AccountID, peer.Key)
+		delete(s.PeerID2AccountID, peer.ID)
+	}
+
+	for _, user := range account.Users {
+		for _, pat := range user.PATs {
+			delete(s.TokenID2UserID, pat.ID)
+			delete(s.HashedPAT2TokenID, pat.HashedToken)
+		}
+		delete(s.UserID2AccountID, user.Id)
+	}
+
+	if account.DomainCategory == PrivateCategory && account.IsDomainPrimaryAccount {
+		delete(s.PrivateDomain2AccountID, account.Domain)
+	}
+
+	delete(s.Accounts, account.Id)
+
+	return s.persist(s.storeFile)
+}
+
 // DeleteHashedPAT2TokenIDIndex removes an entry from the indexing map HashedPAT2TokenID
 func (s *FileStore) DeleteHashedPAT2TokenIDIndex(hashedToken string) error {
 	s.mux.Lock()