@neongreen
Created October 1, 2018 15:00
```haskell
-- | Look up user locally, then in brig, then return the 'UserId'. If either lookup fails, return
-- 'Nothing'. See also: 'Spar.App.createUser'.
--
-- ASSUMPTIONS: User creation on brig/galley is idempotent. Any incomplete creation (because of
-- brig or galley crashing) will cause the lookup here to yield an invalid user.
getUser :: SAML.UserRef -> Spar (Maybe UserId)
getUser uref = do
  muid <- wrapMonadClient $ Data.getUser uref
  case muid of
    Nothing  -> pure Nothing
    Just uid -> Intra.confirmUserId uid

-- | Create a fresh 'Data.Id.UserId', store it on C* locally together with 'SAML.UserRef', then
-- create user on brig with that 'UserId'. See also: 'Spar.App.getUser'.
--
-- The manual for the team admin should say this: when deleting a user, delete it on the IdP first,
-- then delete it on the team admin page in wire. If a user is deleted in wire but not in the IdP,
-- it will be recreated on the next successful login attempt.
--
-- When an SSO login succeeds for a user that is marked as deleted in brig, it is recreated by spar.
-- This is necessary because brig does not talk to spar when deleting users, and we may have
-- 'UserId' records on spar that are deleted on brig. Without this lenient behavior, there would be
-- no way for admins to reuse a 'SAML.UserRef' if it has ever been associated with a deleted user in
-- the past.
--
-- FUTUREWORK: once we support <https://github.com/wireapp/hscim scim>, brig will refuse to delete
-- users that have an SSO id, unless the request comes from spar. Then we can make users
-- undeletable in the team admin page, and ask admins to go talk to their IdP system.
createUser :: SAML.UserRef -> Spar UserId
createUser suid = do
  buid   <- Id <$> liftIO UUID.nextRandom
  teamid <- (^. idpExtraInfo) <$> getIdPConfigByIssuer (suid ^. uidTenant)
  insertUser suid buid
  buid' <- Intra.createUser suid buid teamid
  assert (buid == buid') $ pure buid
```
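The deletion-order caveat in the comments above, as an added example that is not part of the gist or of wire-server: a small in-memory model of the three stores (spar's local table, brig, the IdP) in which `get_user`/`create_user` mirror the two Haskell functions, and two scenarios show why deleting in wire without deleting at the IdP lets the account come back on the next login. The class and helper names here are assumptions, not Spar APIs.

```python
# Added example: models the lookup/create flow, not wire-server's real code.
from dataclasses import dataclass, field
import uuid


@dataclass
class Model:
    spar: dict = field(default_factory=dict)  # UserRef -> UserId (spar's local C* table)
    brig: dict = field(default_factory=dict)  # UserId -> True if active, False if deleted
    idp: set = field(default_factory=set)     # UserRefs the IdP will still assert

    def get_user(self, uref):
        """Mirrors getUser: local lookup, then confirm the id with brig."""
        uid = self.spar.get(uref)
        if uid is None:
            return None
        return uid if self.brig.get(uid) else None  # Intra.confirmUserId

    def create_user(self, uref):
        """Mirrors createUser: mint a UserId, store it locally, create it on brig."""
        uid = str(uuid.uuid4())
        self.spar[uref] = uid
        self.brig[uid] = True
        return uid

    def sso_login(self, uref):
        """A login attempt for uref; returns the UserId spar ends up with, or None."""
        if uref not in self.idp:
            return None  # the IdP no longer asserts this user; nothing reaches spar
        return self.get_user(uref) or self.create_user(uref)

    def delete_in_wire(self, uid):
        self.brig[uid] = False  # brig marks the user deleted and does not tell spar

    def delete_in_idp(self, uref):
        self.idp.discard(uref)


def wrong_order():
    """Delete in wire only: the next successful login recreates the user."""
    m = Model(idp={"alice@example-idp"})  # constructed sample UserRef
    first = m.sso_login("alice@example-idp")
    m.delete_in_wire(first)
    return first, m.sso_login("alice@example-idp")


def right_order():
    """Delete at the IdP first, then in wire: no login succeeds, no recreation."""
    m = Model(idp={"alice@example-idp"})
    first = m.sso_login("alice@example-idp")
    m.delete_in_idp("alice@example-idp")
    m.delete_in_wire(first)
    return first, m.sso_login("alice@example-idp")
```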