From 617a98d6d8a48e347921bdcaa5155b4022174d87 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Fri, 8 Dec 2017 14:14:55 -0500
Subject: Allow deactivation of SSO users (#7952)

---
 api4/user.go         | 12 ++++++++++--
 api4/user_test.go    | 11 ++++++++++-
 cmd/platform/user.go |  4 ++--
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/api4/user.go b/api4/user.go
index 16b7f79a9..4f4185958 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -683,10 +683,18 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if ruser, err := c.App.UpdateNonSSOUserActive(c.Params.UserId, active); err != nil {
+	var user *model.User
+	var err *model.AppError
+
+	if user, err = c.App.GetUser(c.Params.UserId); err != nil {
+		c.Err = err
+		return
+	}
+
+	if _, err := c.App.UpdateActive(user, active); err != nil {
 		c.Err = err
 	} else {
-		c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active))
+		c.LogAuditWithUserId(user.Id, fmt.Sprintf("active=%v", active))
 		ReturnStatusOK(w)
 	}
 }
diff --git a/api4/user_test.go b/api4/user_test.go
index 9c554da54..e3f1935b4 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -1163,6 +1163,13 @@ func TestUpdateUserActive(t *testing.T) {
 
 	_, resp = SystemAdminClient.UpdateUserActive(user.Id, false)
 	CheckNoError(t, resp)
+
+	authData := model.NewId()
+	result := <-th.App.Srv.Store.User().UpdateAuthData(user.Id, "random", &authData, "", true)
+	require.Nil(t, result.Err)
+
+	_, resp = SystemAdminClient.UpdateUserActive(user.Id, false)
+	CheckNoError(t, resp)
 }
 
 func TestGetUsers(t *testing.T) {
@@ -2123,7 +2130,9 @@ func TestSwitchAccount(t *testing.T) {
 	defer func() {
 		utils.SetIsLicensed(isLicensed)
 		utils.SetLicense(license)
-		th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = enableAuthenticationTransfer })
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			*cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = enableAuthenticationTransfer
+		})
 	}()
 	utils.SetIsLicensed(true)
 	utils.SetLicense(&model.License{Features: &model.Features{}})
diff --git a/cmd/platform/user.go b/cmd/platform/user.go
index e5e068023..0913609f1 100644
--- a/cmd/platform/user.go
+++ b/cmd/platform/user.go
@@ -184,8 +184,8 @@ func changeUserActiveStatus(a *app.App, user *model.User, userArg string, activa
 	if user == nil {
 		return fmt.Errorf("Can't find user '%v'", userArg)
 	}
-	if user.IsLDAPUser() {
-		return errors.New("You can not modify the activation status of AD/LDAP accounts. Please modify through the AD/LDAP server.")
+	if user.IsSSOUser() {
+		fmt.Println("You must also deactivate this user in the SSO provider or they will be reactivated on next login or sync.")
 	}
 	if _, err := a.UpdateActive(user, activate); err != nil {
 		return fmt.Errorf("Unable to change activation status of user: %v", userArg)
-- 
cgit v1.2.3-1-g7c22