From f4ac2f50e2fb380a9b4910fbaa5c5542f734c617 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 13 Jun 2021 12:39:10 +0200
Subject: [PATCH] sources/saml: check sessions before deleting user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/sources/saml/tasks.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/authentik/sources/saml/tasks.py b/authentik/sources/saml/tasks.py
index 4ebbddba9..bac63ad81 100644
--- a/authentik/sources/saml/tasks.py
+++ b/authentik/sources/saml/tasks.py
@@ -2,7 +2,7 @@
 from django.utils.timezone import now
 from structlog.stdlib import get_logger
 
-from authentik.core.models import User
+from authentik.core.models import AuthenticatedSession, User
 from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.root.celery import CELERY_APP
@@ -31,11 +31,13 @@ def clean_temporary_users(self: MonitoredTask):
             continue
         source = sources.first()
         source_delta = timedelta_from_string(source.temporary_user_delete_after)
-        if _now - user.last_login >= source_delta:
+        if (
+            _now - user.last_login >= source_delta
+            and not AuthenticatedSession.objects.filter(user=user).exists()
+        ):
             LOGGER.debug(
                 "User is expired and will be deleted.", user=user, delta=source_delta
             )
-            # TODO: Check if user is signed in anywhere?
             user.delete()
             deleted_users += 1
     messages.append(f"Successfully deleted {deleted_users} users.")