Currently with this extension a sysadmin can delete a user account (including their own). Subsequent attempts to log in via LDAP result in a NotAuthorized exception on the login page.
To reproduce:
1. Delete an LDAP-linked CKAN user account
2. Log in as the deleted account
Observed on CKAN 2.5.2.
I would expect this to be handled in some way, e.g., by preventing deletions, failing login, or re-activating the user after successful auth. Perhaps the method of dealing with this should be configurable to suit the needs of the CKAN instance.
It appears that the user is successfully logged in but then fails the access check for loading the new dashboard activity count to display in the header. It looks like _ckan_user_exists() returns 'exists':True for deleted users but I haven't tested this.
After deleting the account and trying to log in to the account, I could no longer access the CKAN web interface at all until I cleared the CKAN cookie from my browser; I got Invalid Server Configuration pages.
Possibly the issue is that ldap_user.ldap_id is a foreign key from the user table, hence I had to manually delete the entries from postgres with...
```
sudo -u postgres psql ckan_default
delete from only "ldap_user" where ldap_id='username';
delete from only "user" where name='username';
```
to delete the user properly. After this, I could log in again with that username and recreate the user from LDAP.
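The handling options raised in this issue (fail the login, or re-activate after successful LDAP auth, selected by configuration) can be sketched as one decision step that runs after the LDAP bind succeeds and before any session cookie is set. This is an added example, not code from the extension or from anyone in this thread; `LocalUser`, `DeletedUserPolicy`, `LoginDenied` and `resolve_local_user` are hypothetical names, and the in-memory dict stands in for the user and ldap_user tables.

```python
from dataclasses import dataclass
from enum import Enum


class DeletedUserPolicy(Enum):
    DENY = "deny"              # fail the login; a sysadmin has to restore the account
    REACTIVATE = "reactivate"  # LDAP is authoritative; this undoes the sysadmin's deletion


class LoginDenied(Exception):
    """Raised before a session cookie is issued, so no half-logged-in state exists."""


@dataclass
class LocalUser:
    # Hypothetical stand-in for the local user row linked to an LDAP id.
    name: str
    state: str = "active"  # assumed states: 'active' or 'deleted'


def resolve_local_user(users, ldap_id, policy=DeletedUserPolicy.DENY, audit=None):
    """Pick the local account for an LDAP id whose password LDAP already verified.

    users: dict mapping ldap_id -> LocalUser (constructed stand-in for the database).
    Returns the LocalUser to log in, or raises LoginDenied.
    """
    audit = audit if audit is not None else []
    user = users.get(ldap_id)
    if user is None:
        # First login for this LDAP id: create the linked local account.
        user = users[ldap_id] = LocalUser(name=ldap_id)
        audit.append(("created", ldap_id))
        return user
    if user.state == "active":
        return user
    if user.state == "deleted" and policy is DeletedUserPolicy.REACTIVATE:
        user.state = "active"
        audit.append(("reactivated", ldap_id))
        return user
    # Deleted under DENY, or any state this code does not know: fail closed.
    audit.append(("denied", ldap_id))
    raise LoginDenied(f"local account for {ldap_id!r} is {user.state}")


if __name__ == "__main__":
    db = {"alice": LocalUser("alice", state="deleted")}  # constructed sample data
    try:
        resolve_local_user(db, "alice")
    except LoginDenied as exc:
        print("login refused:", exc)
```

Defaulting to `DENY` keeps a sysadmin's deletion effective even though the directory still accepts the password; the audit entries give operators a record of every denied or re-activated login.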