When a user disappears from GEWISDB, they can no longer log in at SudoSOS, as the GEWIS.nl authentication method is no longer available to them. Therefore, we should automatically transform these accounts to local accounts, so these users can remain active in SudoSOS. This is necessary, because accounts can only be deleted if their balance is exactly 0. If they are still in debt, they need to be able to pay of their debt. If they still have some balance left, they should be able to spend this money one way or another.
If their deletion from GEWISDB was somehow a mistake, we should assume these accounts can be restored and will pop up again during syncing. However, we will only transform a LOCAL account back to a MEMBER account if they log in via gewis.nl. Their password (if present) should be deleted.
How could it be implemented?
We should always keep a copy of a user's GEWIS ID if it exists, independent of the type of user they are.
The new user syncing should implement this workflow (https://github.com/GEWIS/sudosos-backend/issues/331). When a MEMBER user is no longer present in GEWISDB, we should do one of the following things:
a) If the balance is exactly 0, we mark the user as deleted.
b) If the balance is not exactly 0, we transform the MEMBER user to a LOCAL user.
If a member user logs in via GEWIS.nl and there is a match on the GEWIS ID, the LOCAL user should be transformed back to a MEMBER user. This should also work for deleted users: if they are marked as deleted, but log in again via gewis.nl, we should restore their account to prevent duplicates.
Note that during the transformation, we should disallow the user to go into debt. LOCAL users should not be able to go into debt (unless specifically allowed by the BACPM).
What would you like?
See title.
Why is this needed?
When a user disappears from GEWISDB, they can no longer log in at SudoSOS, as the GEWIS.nl authentication method is no longer available to them. Therefore, we should automatically transform these accounts to local accounts, so these users can remain active in SudoSOS. This is necessary, because accounts can only be deleted if their balance is exactly 0. If they are still in debt, they need to be able to pay of their debt. If they still have some balance left, they should be able to spend this money one way or another.
If their deletion from GEWISDB was somehow a mistake, we should assume these accounts can be restored and will pop up again during syncing. However, we will only transform a LOCAL account back to a MEMBER account if they log in via gewis.nl. Their password (if present) should be deleted.
How could it be implemented?
Note that during the transformation, we should disallow the user to go into debt. LOCAL users should not be able to go into debt (unless specifically allowed by the BACPM).
Other information
No response