From 2ab37b45cf0e2fb7618fdb53a5f508c95b28176f Mon Sep 17 00:00:00 2001 From: Chad Scharf <3904944+cscharf@users.noreply.github.com> Date: Fri, 5 Mar 2021 15:49:57 -0500 Subject: [PATCH] Don't check user group filter for deleted users --- src/services/azure-directory.service.ts | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/services/azure-directory.service.ts b/src/services/azure-directory.service.ts index e39ba721..cbf2f27e 100644 --- a/src/services/azure-directory.service.ts +++ b/src/services/azure-directory.service.ts @@ -90,7 +90,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire continue; } const entry = this.buildUser(user); - if (await this.filterOutUserResult(setFilter, entry)) { + if (await this.filterOutUserResult(setFilter, entry, true)) { continue; } @@ -147,7 +147,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire if (!entry.disabled && !entry.deleted) { continue; } - if (await this.filterOutUserResult(setFilter, entry)) { + if (await this.filterOutUserResult(setFilter, entry, false)) { continue; } @@ -257,7 +257,8 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire return [userSetType, set]; } - private async filterOutUserResult(setFilter: [UserSetType, Set], user: UserEntry): Promise { + private async filterOutUserResult(setFilter: [UserSetType, Set], user: UserEntry, + checkGroupsFilter: boolean): Promise { if (setFilter == null) { return false; } @@ -273,6 +274,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire return this.filterOutResult([userSetTypeExclude, setFilter[1]], user.email); } + // We need to *not* call the /checkMemberGroups method for deleted users, it will always fail + if (!checkGroupsFilter) { + return false; + } const memberGroups = await this.client.api(`/users/${user.externalId}/checkMemberGroups`).post({ groupIds: Array.from(setFilter[1]), });