Looking at the ExternalLoginModuleTestBase I got the impression that the cleanup of user/group accounts is effectively broken.
The current code looks as follows:
- in the before method the list of existing authorizables is collected
- in the after method the following code is executed:
I might be totally mistaken but IMHO looks troublesome. Introducing an assertion after this verifying that the user with the external-test-id has been removed will actually fail... and I assume that this would have been the expected outcome.
So, I would have expected the after-method to remove all users/groups except those gather in the before-call, which would be considered built-in to the repository.