From 3a315bf1ceab384dc6bb9746e53c97bddd4e7d37 Mon Sep 17 00:00:00 2001
From: Abhishek Kondur <abhi281342@gmail.com>
Date: Wed, 10 Dec 2025 14:02:38 +0400
Subject: [PATCH] Merge pull request #3767 from gravitl/NM-187

NM-187: force delete user configs option
---
 controllers/user.go | 38 ++++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/controllers/user.go b/controllers/user.go
index 8ca3e7dd..00540e99 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -797,6 +797,26 @@ func enableUserAccount(w http.ResponseWriter, r *http.Request) {
 		logger.Log(0, "failed to enable user account: ", err.Error())
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 	}
+	go func() {
+		enableConfigs := r.URL.Query().Get("force_enable_configs") == "true"
+		if !enableConfigs {
+			return
+		}
+		extclients, err := logic.GetAllExtClients()
+		if err != nil {
+			logger.Log(0, "failed to get user extclients:", err.Error())
+			return
+		}
+		for _, extclient := range extclients {
+			if extclient.OwnerID == user.UserName && !extclient.Enabled {
+				_, err = logic.ToggleExtClientConnectivity(&extclient, true)
+				if err != nil {
+					logger.Log(1, "failed to delete user extclient:", err.Error())
+				}
+			}
+		}
+		mq.PublishPeerUpdate(false)
+	}()
 
 	logic.ReturnSuccessResponse(w, r, "user account enabled")
 }
@@ -870,21 +890,24 @@ func disableUserAccount(w http.ResponseWriter, r *http.Request) {
 	}
 
 	go func() {
+		disableConfigs := r.URL.Query().Get("force_disable_configs") == "true"
+		if !disableConfigs {
+			return
+		}
 		extclients, err := logic.GetAllExtClients()
 		if err != nil {
 			logger.Log(0, "failed to get user extclients:", err.Error())
 			return
 		}
-
 		for _, extclient := range extclients {
 			if extclient.OwnerID == user.UserName {
-				err = logic.DeleteExtClientAndCleanup(extclient)
+				_, err = logic.ToggleExtClientConnectivity(&extclient, false)
 				if err != nil {
-					logger.Log(0, "failed to delete user extclient:", err.Error())
+					logger.Log(1, "failed to delete user extclient:", err.Error())
 				} else {
 					err := mq.PublishDeletedClientPeerUpdate(&extclient)
 					if err != nil {
-						logger.Log(0, "failed to publish deleted client peer update:", err.Error())
+						logger.Log(1, "failed to publish deleted client peer update:", err.Error())
 					}
 				}
 			}
@@ -1555,6 +1578,7 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 	})
 	// check and delete extclient with this ownerID
 	go func() {
+		delete := r.URL.Query().Get("force_delete_configs") == "true"
 		extclients, err := logic.GetAllExtClients()
 		if err != nil {
 			slog.Error("failed to get extclients", "error", err)
@@ -1562,6 +1586,12 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 		}
 		for _, extclient := range extclients {
 			if extclient.OwnerID == user.UserName {
+				if extclient.DeviceID == "" && extclient.RemoteAccessClientID == "" {
+					if !delete {
+						// only delete wireguard configs on force
+						continue
+					}
+				}
 				err = logic.DeleteExtClientAndCleanup(extclient)
 				if err != nil {
 					slog.Error("failed to delete extclient",